Stored XSS is found in the "Module name" field in CMS Clipper_1.3.3 version. The module name value is obtained from the user, and it is saved and displayed without any sanitization.
Affected URL: http://localhost/ClipperCMS-clipper_1.3.3/manager/
Steps to reproduce:
1. Under Modules, choose Manage modules -> edit.
2. Enter the XSS payload in the "Module name" field and save it.
3. The script gets executed, resulting in a stored cross-site scripting attack.
For your reference:
Mitigation:
Strong input validation has to be performed for all the entry points. Fully encode all dynamic data before embedding it in the web page. Encoding should be context-sensitive.
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
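
The mitigation above, sketched in PHP as an added example; it is not part of the original report and is not ClipperCMS code. The function names, the allow-list pattern and the sample module name are assumptions made for illustration, and the code assumes PHP 7.3 or later.

```php
<?php
// Added example: validate a module name on save and encode it per output
// context on display. All names here are hypothetical, not ClipperCMS APIs.

/** Encode for HTML element content and quoted attribute values. */
function encode_html(string $value): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode for use as a JavaScript string literal inside a script block. */
function encode_js(string $value): string
{
    // The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the
    // value cannot close the string literal or the enclosing script element.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_THROW_ON_ERROR
    );
}

/** Input validation on save: letters, digits, space, _ . - (assumed policy). */
function validate_module_name(string $value): bool
{
    return preg_match('/\A[\p{L}\p{N} _.\-]{1,50}\z/u', $value) === 1;
}

// Constructed sample: a legacy row stored before validation was in place.
$stored = 'News "Feed" <b>& more</b></script>';

if (!validate_module_name($stored)) {
    // New submissions like this one are refused at the entry point.
    echo "validation: module name rejected\n";
}

// Rows already in the database are still encoded at output, once per context.
echo '<td>' . encode_html($stored) . "</td>\n";                       // element content
echo '<input name="name" value="' . encode_html($stored) . "\">\n";   // attribute value
echo '<script>var moduleName = ' . encode_js($stored) . ";</script>\n"; // JS string
```

Validation narrows what can be stored, but output encoding is what prevents execution, because values saved before the check was added are still rendered.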