There are multiple cross-site scripting (XSS) vulnerabilities in the management panel #21

Closed
zyfyc opened this issue Feb 19, 2019 · 1 comment

zyfyc commented Feb 19, 2019

There are two Stored-XSS vulnerabilities in the backstage.
We can make the Stored-XSS via editing the Projects or Main.
poc:

fix:
Strictly verify user input; you must perform strict checks and HTML escaping on all input scripts, iframes, etc. The input here is not only the input interface that the user can directly interact with, but also the variables in the HTTP request, the variables in the HTTP request header, and so on.
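
The escaping half of the fix suggested above, as an added Python example that is not part of the original comment or the project's code. The field names, the header-derived value and the sample strings are constructed for illustration; the parser-based audit shows that escaping at output removes the markup while preserving the stored data.

```python
import html
from html.parser import HTMLParser

# Constructed sample record (not from the issue): one value typed into an
# admin form field, one copied from a request header, both stored and later
# rendered in the panel.
STORED = {
    "title": "<script>alert(1)</script>",
    "user_agent": '"><iframe src="//example.invalid"></iframe>',
}

def render_unescaped(rec):
    """Before: stored values are concatenated into the page as-is."""
    return ('<h1>' + rec["title"] + '</h1>'
            '<input name="ua" value="' + rec["user_agent"] + '">')

def render_escaped(rec):
    """After: every stored value is HTML-escaped at output time.
    quote=True also encodes " and ', which attribute values need."""
    title = html.escape(rec["title"], quote=True)
    ua = html.escape(rec["user_agent"], quote=True)
    return f'<h1>{title}</h1><input name="ua" value="{ua}">'

class _Audit(HTMLParser):
    """Records what a parser sees: start tags and the ua attribute value."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.ua = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.ua = dict(attrs).get("value")

def audit(page):
    """Return (start tags found, decoded value of the ua input)."""
    parser = _Audit()
    parser.feed(page)
    parser.close()
    return parser.tags, parser.ua
```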

Collaborator

Vaska commented Feb 21, 2019

I understand this, but you are logged in to the cms - of course, if you are logged in you can do much damage to any site.

Vaska closed this as completed Jul 27, 2022