filebrowser arbitrary js injection #1059

Closed
@tablatronix

Description

reported by tc.coen

XSS
Risk
Medium-High; arbitrary JavaScript execution, which can lead to cookie stealing, key logging, and CSRF protection bypass, which in this case leads to arbitrary code execution via e.g. the theme editor
