Cross Site Scripting Vulnerability in Latest Release 3.3.13 #1266

Open
@MrR3boot

Hi, I would like to report a Cross Site Scripting vulnerability in the latest release.

Description:

A cross-site scripting (XSS) vulnerability in the uploadify Flash file might allow remote attackers to inject arbitrary web script or HTML via multiple parameters.

Steps To Reproduce:

  1. Open the URL below in a browser that supports Flash.
    http://[URL]GetSimpleCMS-3.3.13/admin/template/js/uploadify/uploadify.swf?movieName="])}catche(e){alert("xss")}//

Fix:

Update uploadify version.

Release Info:

3.3.13
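
A defender-side check for the request pattern in the report, as an added example that is not part of the original issue or of the GetSimpleCMS code: it scans access-log lines for requests to any `.swf` file whose query parameters contain characters outside a conservative allowlist. The log lines are constructed, and the allowlist is an assumption about what legitimate parameter values look like.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: values legitimately passed to the SWF are plain identifiers,
# paths or URLs, so quotes, brackets, braces and parentheses are unexpected.
SAFE_VALUE = re.compile(r"[\w./:\-]*")

# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses, timestamps and sizes are made up).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2018:10:00:00 +0000] "GET /GetSimpleCMS-3.3.13/admin/'
    'template/js/uploadify/uploadify.swf?movieName=upload_0 HTTP/1.1" 200 12345',
    '203.0.113.9 - - [01/Jan/2018:10:00:05 +0000] "GET /GetSimpleCMS-3.3.13/admin/'
    'template/js/uploadify/uploadify.swf?movieName=%22])}catche(e){alert(%22xss%22)}//'
    ' HTTP/1.1" 200 12345',
    '203.0.113.9 - - [01/Jan/2018:10:00:09 +0000] "GET /GetSimpleCMS-3.3.13/admin/'
    'index.php?q=%22x HTTP/1.1" 200 512',
]


def suspicious_swf_requests(lines):
    """Return (path, parameter, decoded value) for each SWF request whose
    query string carries a value outside the allowlist."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(".swf"):
            continue  # only Flash objects are of interest here
        # The report mentions multiple parameters, so check every one of them.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((url.path, name, value))
    return hits


if __name__ == "__main__":
    for path, name, value in suspicious_swf_requests(SAMPLE_LOG):
        print(f"suspicious value for {name!r} on {path}: {value!r}")
```
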
