[Security]Gila CMS v1.11.4 has xss vulnerability in the release of new posts #53

Closed
yaoyao6688 opened this issue Oct 15, 2019 · 0 comments

yaoyao6688 commented Oct 15, 2019

Gila CMS version 1.11.4 has an XSS vulnerability in the release of new posts

System environment
The browser used is Firefox
PHP 7.3.4 + Apache 2.4.39 + MySQL 5.7.26

Vulnerability verification steps:
1. Log in to the system
2. Select Posts->Post->new in the control panel
3. Edit the post and insert "><svg/onload=alert(document.cookie)> in the tags
4. Set the post to be public, post it, and then access the page

Vulnerability screenshot
[Two screenshots, each named 图片.png (image.png)]

Repair opinion
Encode the submitted Tags content

@yaoyao6688 yaoyao6688 changed the title [Security]Gila CMS 1.11.4 version has xss vulnerability in the release of new posts [Security]Gila CMS v1.11.4 has xss vulnerability in the release of new posts Oct 15, 2019
@vzuburlis vzuburlis self-assigned this Oct 16, 2019
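
The fix suggested in the report, encoding the Tags value wherever it is written into HTML, shown as an added PHP example; it is not Gila CMS code and not part of the original issue. The template markup, the comma-separated format of the Tags field and all function names are assumptions, since the issue does not show how the CMS renders tags.

```php
<?php
// Added example, not Gila CMS code. The markup is a hypothetical template
// for a post's tag list; the issue does not show the real one.

/** Unsafe: stored tag text is concatenated into the HTML as-is. */
function render_tag_unsafe(string $tag): string
{
    return '<a class="tag" href="/tag/' . $tag . '">' . $tag . '</a>';
}

/** Encoded: each place the tag is written gets the encoding its context needs. */
function render_tag_encoded(string $tag): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    // URL path segment: percent-encode first, then HTML-encode for the attribute.
    $href = htmlspecialchars('/tag/' . rawurlencode($tag), $flags, 'UTF-8');
    // Element text: HTML-encode so <, >, &, " and ' are rendered as text.
    $text = htmlspecialchars($tag, $flags, 'UTF-8');
    return '<a class="tag" href="' . $href . '">' . $text . '</a>';
}

/** Optional check on save: keep only plain tags (assumed comma-separated field). */
function normalize_tags(string $field): array
{
    $kept = [];
    foreach (explode(',', $field) as $raw) {
        $tag = trim($raw);
        // Letters, digits, space, hyphen, underscore only; at most 40 bytes.
        if ($tag !== '' && strlen($tag) <= 40
            && preg_match('/^[\p{L}\p{N} _-]+$/u', $tag) === 1) {
            $kept[] = $tag;
        }
    }
    return array_values(array_unique($kept));
}

// Constructed input: the Tags value from step 3 of the report plus two ordinary tags.
$field = 'php, "><svg/onload=alert(document.cookie)>, security';

foreach (explode(',', $field) as $raw) {
    $tag = trim($raw);
    echo 'unsafe : ', render_tag_unsafe($tag), PHP_EOL;
    echo 'encoded: ', render_tag_encoded($tag), PHP_EOL;
}
echo 'kept   : ', implode(', ', normalize_tags($field)), PHP_EOL;
```

Encoding at output is the control that closes the hole; the allowlist on save only reduces what reaches storage and does not replace it.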