You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Dashboard Configuration" feature.
Proof of Concept
Step 1: Go to "index.php?module=dashboard_configure/index", click "Add info block" and insert payload "<img src=1 onerror='alert(document.coookie)'/>" in Title field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
The text was updated successfully, but these errors were encountered:
Version: 3.2.1
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Dashboard Configuration" feature.
Proof of Concept
Step 1: Go to "index.php?module=dashboard_configure/index", click "Add info block" and insert payload "
<img src=1 onerror='alert(document.coookie)'/>
" in Title field.Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
The text was updated successfully, but these errors were encountered: