HTML injection found in the "User Groups" field in CMS Clipper_1.3.3 version.The module name value is obtained from the user,it is getting saved and displayed without any sanitation. Affected URL:
http:///ClipperCMS-clipper_1.3.3/manager/
Steps to reproduce:
1.Under Security >> Manager Permissions -->> User Groups
Create New user group using
">
This is Prasad Lingamaiah
!--
Goto the user/Resource Group links and html script will execute
**For your reference:
**
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
None yet
1 participant
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.
HTML injection found in the "User Groups" field in CMS Clipper_1.3.3 version.The module name value is obtained from the user,it is getting saved and displayed without any sanitation.
Affected URL:
http:///ClipperCMS-clipper_1.3.3/manager/
Steps to reproduce:
1.Under Security >> Manager Permissions -->> User Groups
">
This is Prasad Lingamaiah
!--**For your reference:
**
The text was updated successfully, but these errors were encountered: