Type of vulnerability: Stored XSS
Discovered by: iso60001
Description: Stored XSS is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS.
Steps to reproduce the vulnerability:
1. Log in to the CMS.
2. Open the page http://10.10.10.174/GetSimpleCMS/admin/settings.php
3. Put the XSS payload ("><svg/onload=alert(1)><") in the "Custom Permalink Structure" parameter and click on "Save Setting".
4. Open the page http://10.10.10.174/GetSimpleCMS/admin/edit.php
5. Put "www" in the title and body, then click on "save page" to publish the page.
6. Finally, as shown in the figure.
7. Visit the page http://10.10.10.174/GetSimpleCMS/admin/pages.php
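
A sketch of the mitigation for the behaviour reported above, as an added example that is not part of the original report and is not GetSimpleCMS source code: validate the "Custom Permalink Structure" value when it is saved, and encode it wherever the stored value is written into HTML. The function names are hypothetical, and the allowed placeholder set (`%parent%`, `%slug%`) is an assumption about what a permalink structure may contain.

```php
<?php
// Added example, not GetSimpleCMS source. Function names are hypothetical.

// Assumption: a permalink structure consists of the %parent% and %slug%
// placeholders plus URL-safe path characters.
function validate_permalink_structure(string $input): ?string
{
    $value = trim($input);
    if ($value === '') {
        return '';                      // empty means "use the default"
    }
    if (strlen($value) > 255) {
        return null;                    // reject oversized input
    }
    // Strip the known placeholders, then require the remainder to be
    // plain path characters only (no quotes, angle brackets or spaces).
    $rest = str_replace(['%parent%', '%slug%'], '', $value);
    if (!preg_match('#^[A-Za-z0-9/_.\-]*\z#', $rest)) {
        return null;
    }
    return $value;
}

// Output side: encode for an HTML attribute regardless of what is stored,
// so values saved before the validation existed are also rendered inert.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs; the second is the payload from the report.
$samples = [
    '%parent%/%slug%/',
    '"><svg/onload=alert(1)><',
];

foreach ($samples as $s) {
    $stored = validate_permalink_structure($s);
    printf("%-28s save: %s\n", $s, $stored === null ? 'rejected' : 'accepted');
    printf("  rendered: <input name=\"permalink\" value=\"%s\">\n", attr($s));
}
```

Validation on save and encoding on output are independent controls; the encoding step is the one that closes the stored XSS, because it also covers values already present in the settings file.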