There is a stored XSS vulnerability #7

Open
MRdoulestar opened this issue Feb 28, 2019 · 1 comment

@MRdoulestar

Vulnerability description

An XSS vulnerability was discovered in baigoCMS.
There is a persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the form (opt[base][BG_SITE_NAME]) parameter posted to
/baigocms/bg_console/index.php?m=opt&c=request

PoC

XSS payload:
<img src=# onerror="alert(1)">

@NicoleG25

@fonering is there a plan to address this vulnerability?
Please note that CVE-2019-9226 was assigned to this.
Thanks in advance!
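
The mitigation for the report above, as an added example that is not part of the issue thread and is not baigoCMS code: the stored site name is kept as plain text and HTML-encoded at every point where it is rendered. The function names, the length limit and the templates are hypothetical; the field name and payload are the ones quoted in the report, and the mbstring extension is assumed to be available.

```php
<?php
// Added illustration; function names are hypothetical, not baigoCMS code.
declare(strict_types=1);

// Input side: treat the site name as plain text, never as markup.
function normalize_site_name(string $raw, int $maxLen = 100): string
{
    // Reject invalid UTF-8 so later encoding behaves predictably.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('site name is not valid UTF-8');
    }
    // Drop control characters, trim, and bound the length.
    $clean = trim(preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '');
    if ($clean === '' || mb_strlen($clean, 'UTF-8') > $maxLen) {
        throw new InvalidArgumentException('site name is empty or too long');
    }
    return $clean; // still untrusted text: "<" and quotes are kept as-is
}

// Output side: encode for HTML text and quoted-attribute contexts.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed request body using the field and payload quoted in the report.
$post = ['opt' => ['base' => ['BG_SITE_NAME' => '<img src=# onerror="alert(1)">']]];
$stored = normalize_site_name($post['opt']['base']['BG_SITE_NAME']);

// Unsafe rendering: the stored value is parsed as an <img> element.
$unsafe = '<h1>' . $stored . '</h1>';

// Safe rendering: the same value is displayed as literal text.
$safe = '<h1>' . h($stored) . '</h1>';
$safeAttr = '<meta property="og:site_name" content="' . h($stored) . '">';

echo $unsafe, PHP_EOL, $safe, PHP_EOL, $safeAttr, PHP_EOL;
```

Input normalization alone does not stop the payload, since angle brackets are legitimate text; the encoding in `h()` at output time is what keeps the browser from parsing the stored value as markup.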
