Type of vulnerability: Stored XSS
Discovered by: iso60001
Description: Stored XSS attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS.
Steps to reproduce the vulnerability:
1. Log in to the CMS.
2. Open page http://10.10.10.174/GetSimpleCMS/admin/settings.php
3. Put the XSS payload ("><svg/onload=alert(1)><") in the "Custom Permalink Structure" parameter and click on "Save Setting".
4. Open page http://10.10.10.174/GetSimpleCMS/admin/edit.php
5. Put "www" in the title and body, then click on "save page" to publish the page.
6. Finally, as shown in the figure.
7. Visit the page http://10.10.10.174/GetSimpleCMS/admin/pages.php
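
For maintainers triaging this report, the following added example (not part of the original report and not GetSimpleCMS code) contrasts the unescaped output pattern with a hardened one. The function names, the `permalink` field name and the allowlist are hypothetical, and it assumes the stored value is written into a double-quoted HTML attribute, as the `">` prefix of the reported payload suggests.

```php
<?php
// Added illustration; all function names are hypothetical, not GetSimpleCMS code.

// Vulnerable pattern: the stored setting is echoed into an attribute as-is,
// so a value containing "> closes the attribute and the tag around it.
function render_permalink_field_unsafe(string $stored): string
{
    return '<input type="text" name="permalink" value="' . $stored . '" />';
}

// Hardened pattern: encode for the HTML attribute context on every output,
// regardless of what was accepted when the setting was saved.
function render_permalink_field(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="permalink" value="' . $safe . '" />';
}

// Defence in depth at save time: accept only characters a URL path pattern
// needs (assumed allowlist: letters, digits, / _ . - and %token% markers).
function is_valid_permalink_structure(string $input): bool
{
    return $input === ''
        || preg_match('#\A(?:[A-Za-z0-9/_.\-]|%[a-z]+%)+\z#', $input) === 1;
}

$payload = '"><svg/onload=alert(1)><';  // payload quoted in the report
$sample  = '%parent%/%slug%/';          // constructed benign value

echo render_permalink_field_unsafe($payload), PHP_EOL;  // markup is broken out of
echo render_permalink_field($payload), PHP_EOL;         // payload stays inert text
var_dump(is_valid_permalink_structure($payload));
var_dump(is_valid_permalink_structure($sample));
```

Output encoding is the primary fix because it protects every page that renders the setting; the save-time check only narrows what can be stored.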