Stored Cross-site Scripting (XSS) #209

Open
prodigysml opened this issue Oct 30, 2017 · 1 comment

@prodigysml

Issue

Stored XSS found within the blog creation page. This allows attackers to get arbitrary execution of JavaScript code.

Steps to reproduce

  1. Log into a user's account with blog writing permissions (like role user in the demo website)
  2. Go to the blogs page
  3. Create a blog page, with the contents of the page as follows:
    <img src=x onerror=alert(1)>
    Please ensure this payload is entered using the source code view of the blog editor
Renfos added the bug label Dec 7, 2017
@NicoleG25

@Renfos Was this issue ever addressed? Please note that CVE-2017-1000467 was assigned.