This repository has been archived by the owner on Jul 22, 2020. It is now read-only.
Stored XSS is found in the "Module name" field in CMS Clipper_1.3.3 version. The module name value is obtained from the user, and it is getting saved and displayed without any sanitization.
Affected URL: http://localhost/ClipperCMS-clipper_1.3.3/manager/
Steps to reproduce:
1. Under Modules choose Manage modules -> edit
2. Enter the XSS payload in the "Module name" field and save it.
3. The script is getting executed and results in a stored cross-site scripting attack.
For your reference:
Mitigation:
Strong input validation has to be performed for all the entry points. Fully encode all dynamic data before embedding it in the web page. Encoding should be context-sensitive.
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
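The mitigation described in the report above, as an added example that is not part of the original issue and is not ClipperCMS code: a module name is validated on save and encoded per output context on display. The helper names, the allowlist policy, the `index.php?name=` URL and the sample value are assumptions made for illustration; it requires PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not ClipperCMS functions), one per output context.

/** HTML element content and quoted HTML attribute values. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Value embedded in an inline <script> block as a JavaScript string literal. */
function esc_js(string $value): string
{
    // The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the
    // literal cannot close the surrounding <script> element or the string.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Value placed in a URL query component. */
function esc_url_param(string $value): string
{
    return rawurlencode($value);
}

/** Input validation on save. Assumed policy: 1-64 letters, digits, spaces, _ . - */
function is_valid_module_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} _.\-]{1,64}\z/u', $name) === 1;
}

// Constructed sample value with characters that are significant in HTML and JavaScript.
$moduleName = 'Docs <b>"Tools" & \'Extras\'</b>';

// Validation at save time, for the sample value and for a plain name.
var_dump(is_valid_module_name($moduleName));
var_dump(is_valid_module_name('Doc Manager'));

// The same stored value, encoded differently for each place it is rendered.
echo '<td>' . esc_html($moduleName) . "</td>\n";
echo '<input name="name" value="' . esc_html($moduleName) . "\">\n";
echo '<a href="index.php?name=' . esc_url_param($moduleName) . "\">edit</a>\n";
echo '<script>var moduleName = ' . esc_js($moduleName) . ";</script>\n";
```

Validation narrows what can be stored, but the output encoding is what keeps a stored value inert, so it is applied at every place the name is rendered regardless of how the value was saved.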