Hey, guys, CMS's wonderful work! I found safety problems on the website in management settings:
A stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "Contact" "Configuration" page of wityCMS 0.6.2 allows remote attackers to inject arbitrary web scripts or HTML through elaborate site names through HTTP requests authenticated with WITYCMS/Admin.
" onclick="alert(1)"
After saving the input JS code, the script is hidden in the tag attribute, and the script code is executed by clicking the input box.
JavaScript gets executed. Here's an output of the mentioned payload when entered and saved.
If the data is not sanitized upon input, these components are going to return arbitrary web script or HTML that can be rendered by the browser.
【ZKZX-SHOWTIME】
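An added example, not part of the original report and not wityCMS code: the attribute breakout described above beside an output-encoded rendering, with a parse-based check of which attributes the input element ends up with. The function names, the `site_name` field name and the markup are assumptions, and the check needs PHP's DOM extension.

```php
<?php
declare(strict_types=1);

// Constructed sample: the Site Name value from the report, as it would be stored.
$storedSiteName = '" onclick="alert(1)"';

// Hypothetical vulnerable rendering: the stored value is concatenated into a
// double-quoted attribute, so its first quote closes value="..." early.
function renderSiteNameUnsafe(string $siteName): string
{
    return '<input type="text" name="site_name" value="' . $siteName . '">';
}

// Hardened rendering: encode for the HTML attribute context at output time,
// so both quote characters stay inside the attribute value.
function renderSiteNameSafe(string $siteName): string
{
    $encoded = htmlspecialchars($siteName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="site_name" value="' . $encoded . '">';
}

// Regression check: parse the markup and return the attributes of the
// first <input> element as a name => value map.
function inputAttributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

$renderings = [
    'unsafe' => renderSiteNameUnsafe($storedSiteName),
    'safe'   => renderSiteNameSafe($storedSiteName),
];

foreach ($renderings as $label => $html) {
    $attrs = inputAttributes($html);
    echo $label, ': ', $html, PHP_EOL;
    echo '  event handler attribute present: ',
        isset($attrs['onclick']) ? 'yes' : 'no', PHP_EOL;
    echo '  value attribute equals stored text: ',
        ($attrs['value'] ?? null) === $storedSiteName ? 'yes' : 'no', PHP_EOL;
}
```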