CMSuno v1.7 stored XSS #17
Comments
Hi, Thanks for this full report. I will fix that. Regards

This is fixed. V1.7.1 Regards

Hi @boiteasite ! Thank you for the patch, is it possible to request a CVE ID?

CVE-2021-36654 has been assigned for this issue. You can request CVEs via https://cveform.mitre.org/.

Thank you Henri, I did not know this site.

Thank you @fgeek @boiteasite :) Have a nice day :)
Hi :)
CMSuno version 1.7 is vulnerable to stored cross-site scripting. An authenticated attacker can inject a payload while updating the template's image filename after intercepting the request using Burp Suite via the tgo parameter.
After a successful update of the template, the XSS pops up on the website page.
Steps to reproduce
Thanks
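Because the request is modified in transit, only server-side handling of the `tgo` value counts. The PHP sketch below is an added example, not CMSuno's code and not the 1.7.1 patch: it validates an image filename when it is written and encodes it when it is rendered. The function names, the extension allowlist, the `/templates/img/` path and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of extensions accepted for a template image.
const ALLOWED_IMAGE_EXT = ['png', 'jpg', 'jpeg', 'gif', 'webp'];

/**
 * Validate an image filename received from the client (for example the
 * value of the tgo parameter). Returns the filename when acceptable,
 * or null when the request must be rejected.
 */
function validate_image_filename(string $raw): ?string
{
    // Reject path components instead of silently stripping them.
    if ($raw !== basename($raw)) {
        return null;
    }
    // Letters, digits, dot, underscore and hyphen only, bounded length.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\z/', $raw) !== 1) {
        return null;
    }
    $ext = strtolower(pathinfo($raw, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_IMAGE_EXT, true) ? $raw : null;
}

/** Encode a stored value for an HTML text or quoted-attribute context. */
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: one ordinary filename, one carrying markup.
$samples = ['banner-01.png', 'logo.png"><b>injected</b>'];
foreach ($samples as $tgo) {
    $name = validate_image_filename($tgo);
    if ($name === null) {
        // Rejected at write time; nothing is stored.
        echo 'rejected: ', html_encode($tgo), PHP_EOL;
        continue;
    }
    // Encoded again at render time, so a value stored before the
    // validation existed still cannot break out of the attribute.
    // The /templates/img/ prefix is a hypothetical path.
    echo '<img src="/templates/img/', html_encode($name), '" alt="">', PHP_EOL;
}
```

Encoding at render time is the control that neutralises values already stored by a vulnerable version; the write-time validation only stops new ones.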