There are 3 XSS vulnerabilities
loading admin/menu.php

Sign in and select "SETTINGS".
Insert the payload "'<script>alert(0)</script>" in the add page /URL/ URL / link text and submit.

Open menu.php, line 167:
```html
<script type="text/javascript">
$(document).ready(function(){
  $('[href="menu.php"]').addClass('active');
});
</script>
<div class="main">
  <div class="main-content">
    <div class="container-fluid">

      <div class="panel panel-headline">
        <div class="panel-heading">
          <h3 class="panel-title">Create Menu</h3>
          <p class="subtitle">Add/Remove/Edit files and folders.</p>
        </div>
        <div class="panel-body">
          <form class="row" method="post" action="" id="menu-form">
            <textarea name="created-menu-array" id="created-menu-array" class="created-menu-array"></textarea>
            <div class="col-sm-4">
              <h3 class="text-center">Add Page/URL</h3>
              <hr/>
              <div class="panel panel-primary">
                <div class="panel-heading">Pages</div>
                <div class="panel-body">
                  <div class="menu-available-pages" id="menu-available-pages">
                  </div>

                  <div class="text-right">
                    <button class="btn btn-default" id="menu-select-all">Select All</button>
                    <button class="btn btn-primary" id="menu-add-pages">Add Page(s)</button>
                  </div>
                </div>
              </div>

              <div class="panel panel-primary">
                <div class="panel-heading">Custom Link</div>
                <div class="panel-body">
                  <div class="form-group">
                    <label>URL</label>
                    <input type="text" class="form-control" id="mal-url" name="">
                  </div>

                  <div class="form-group">
                    <label>Link Text</label>
                    <input type="text" class="form-control" id="mal-text" name="">
                  </div>

                  <div class="text-right">
                    <button class="btn btn-primary pull-right" id="menu-add-link">Add Link</button>
                  </div>
                </div>
              </div>
            </div>

            <div class="col-sm-8">
              <h3 class="text-center">Menu Structure</h3>
              <hr/>
              <div class="dd menu-selected-items" id="menu-selected-items">
                <ol class="dd-list menu-selected-items-list">
                  <li class="dd-item" data-menu_file="" data-menu_url="/" data-menu_title="Home"><div class="dd-handle">Home<span class="fa fa-close menu_item_remove"></span></div></li>
                  <li class="dd-item" data-menu_file="" data-menu_url="<script>alert(0)</script>" data-menu_title="<script>alert(0)</script>"><div class="dd-handle"><script>alert(0)</script><span class="fa fa-close menu_item_remove"></span></div></li>
                </ol>
              </div>
            </div>

            <div class="form-group text-right">
              <div class="col-sm-12">
                <input type="submit" id="menu-submit" name="menu-submit" class="btn btn-success" value="Submit"/>
              </div>
            </div>
          </form>
        </div>
      </div>
    </div>
  </div>
</div>
<div class="clearfix"></div>
<footer>
  <div class="container-fluid">
    <p class="copyright">© 2018 PuppyCMS. All Rights Reserved.</p>
  </div>
</footer>
</div>
<script src="assets/scripts/puppyadmin.js"></script>
```
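The rendered markup above shows the stored URL and link text emitted verbatim into two data attributes and into the element body. The following is an added example (not PuppyCMS code and not part of the report) of encoding those values at output time in PHP; the function names and the `$item` array shape are assumptions.

```php
<?php
// Added example, not PuppyCMS code. Function names and the $item
// array shape ('file', 'url', 'title') are assumptions.

// Encode for HTML text and for quoted attribute values alike.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe: reproduces the markup from the report by concatenating
// stored values directly into attributes and element content.
function render_item_unsafe(array $item): string
{
    return '<li class="dd-item" data-menu_file="' . $item['file'] . '"'
        . ' data-menu_url="' . $item['url'] . '"'
        . ' data-menu_title="' . $item['title'] . '">'
        . '<div class="dd-handle">' . $item['title']
        . '<span class="fa fa-close menu_item_remove"></span></div></li>';
}

// Hardened: same markup, every stored value encoded where it is output.
function render_item_safe(array $item): string
{
    return '<li class="dd-item" data-menu_file="' . e($item['file']) . '"'
        . ' data-menu_url="' . e($item['url']) . '"'
        . ' data-menu_title="' . e($item['title']) . '">'
        . '<div class="dd-handle">' . e($item['title'])
        . '<span class="fa fa-close menu_item_remove"></span></div></li>';
}

// Constructed sample input: the "Home" item and the test string from the report.
$items = [
    ['file' => '', 'url' => '/', 'title' => 'Home'],
    ['file' => '', 'url' => '<script>alert(0)</script>', 'title' => '<script>alert(0)</script>'],
];

foreach ($items as $item) {
    $safe = render_item_safe($item);
    // Regression check: no raw script tag may survive encoding.
    if (stripos($safe, '<script') !== false) {
        throw new RuntimeException('unescaped markup in menu item');
    }
    echo $safe, PHP_EOL;
}
```

The second item renders with `&lt;script&gt;alert(0)&lt;/script&gt;` in all three positions, so the browser treats it as text rather than markup.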
Can you help me to apply for a CVE number? Thank you very much indeed.