Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HotaruCMS v1.7.2 has a Stored Cross Site Scripting in SITE NAME. #101

Open
SunJ3t opened this issue Sep 26, 2019 · 1 comment
Open

HotaruCMS v1.7.2 has a Stored Cross Site Scripting in SITE NAME. #101

SunJ3t opened this issue Sep 26, 2019 · 1 comment

Comments

@SunJ3t
Copy link

SunJ3t commented Sep 26, 2019

A xss vulnerability was discovered in Hotaru v1.7.2.
There is a stored XSS vulnerability in title[SITE NAME] if I use the payload "><script>alert(1)</script>.

图片

图片

Then it will trigger the payload when I access the website.

图片

@huntr-helper
Copy link

‎‍🛠️ A fix has been provided for this issue. Please reference: 418sec#1

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants