Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stored XSS in Blocks/Navigation/Site Variables (release/1.4.11) #574

Closed
0verall opened this issue Sep 23, 2020 · 0 comments
Closed

Stored XSS in Blocks/Navigation/Site Variables (release/1.4.11) #574

0verall opened this issue Sep 23, 2020 · 0 comments

Comments

@0verall
Copy link

0verall commented Sep 23, 2020

  1. Stored xss in Blocks name
    image
    Refresh the page, it will trigger below "Recently Viewed" menu
    image
    Front page:
    image
    payload:
    "onmousemove="alert(1)

  2. Stored xss in Navigation Label
    image
    image
    payload:
    "onmousemove="alert(/Nav/)

  3. Stored xss in Site Variables Name
    image
    image
    payload:
    "onmousemove="alert(/site/)
@0verall 0verall changed the title Stored XSS in Blocks/Navigation/Site Variables Stored XSS in Blocks/Navigation/Site Variables (release v1.4.11) Sep 23, 2020
@0verall 0verall changed the title Stored XSS in Blocks/Navigation/Site Variables (release v1.4.11) Stored XSS in Blocks/Navigation/Site Variables (release/1.4.11) Sep 23, 2020
daylightstudio pushed a commit that referenced this issue Sep 23, 2020
fix: issue #574
af63a23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daylightstudio @0verall