The "utilisateur" menu on the WityCMS 0.6.2 site has XSS at two input points for user information, the "first name" and "last name" parameters.
payload:
" onclick="alert(document.cookie)"
" onclick="alert(document.cookie)"
JavaScript gets executed. Here's an output of the mentioned payload when entered and saved.
Payload data are submitted to apps/user/admin/view.php
When users want to change their names, clicking the input box triggers the code.
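An added example, not part of the original report and not WityCMS code: it shows why the reported value breaks out of a double-quoted `value` attribute and how attribute-context encoding keeps it inert. The input markup, the field keys and every function name are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not the project's own code.
// Constructed sample: the value from the report, as stored for both name fields.
$user = [
    'firstname' => '" onclick="alert(document.cookie)"',
    'lastname'  => '" onclick="alert(document.cookie)"',
];

// Unsafe pattern: the stored value is concatenated into a quoted attribute,
// so a double quote in the data ends value= and starts a new attribute.
function render_input_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encode for HTML attribute context: &, <, > and both quote characters.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every dynamic piece is encoded at output time.
function render_input_safe(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// Regression check: parse the markup and list the attributes the parser
// actually sees on the <input>. Any on* name means the data became code.
function attribute_names(string $html): array
{
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $a) {
        $names[] = $a->name;
    }
    libxml_clear_errors();
    return $names;
}

foreach ($user as $field => $stored) {
    foreach (['unsafe' => 'render_input_unsafe', 'safe' => 'render_input_safe'] as $label => $fn) {
        $names = attribute_names($fn($field, $stored));
        $handlers = array_filter($names, fn($n) => stripos($n, 'on') === 0);
        printf("%-9s %-6s attrs=[%s] handlers=%d\n", $field, $label, implode(',', $names), count($handlers));
    }
}
```

Encoding at output time also neutralises values that were saved before the fix, which input-side filtering alone would not do.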