This repository has been archived by the owner on Jan 5, 2023. It is now read-only.

Bug Report: XSS Vulnerability in acp.php on FlatCore v1.4.6 #34

Closed
ghi5107 opened this issue May 24, 2017 · 5 comments

Comments

ghi5107 commented May 24, 2017

Title: XSS Vulnerability in acp.php
Security: Low (visit acp.php as an administrator)
Software: https://codeload.github.com/flatCore/flatCore-CMS/zip/v1.4.6
code:
pages.edit_form.php (screenshot of the affected code; image not preserved)

Reproduce: (get client cookie information)
http://localhost/fc/acp/acp.php/p3q7o'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eoqch8?tn=pages&sub=edit&editpage=2
(screenshot of the resulting alert; image not preserved)

reference about XSS:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Discovered by: ghi from Huawei Weiran Labs
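
An added example, not FlatCore's own code (the code screenshot in this report did not survive extraction). It assumes, as the reproduce URL suggests with the payload placed in the path after acp.php, that the edit form builds its action attribute from the request path (PHP_SELF, which includes PATH_INFO). The vulnerable reflection is shown beside a hardened version that uses SCRIPT_NAME (the script's own path, without any appended segment) and attribute-escapes the value; the function names and sample strings are constructed for this illustration.

```php
<?php
// Added example, not FlatCore's code. Assumption: the form action reflects
// the request path, so anything appended after acp.php ends up in the markup.

// Vulnerable pattern: request-controlled path reflected verbatim into an
// attribute. PHP_SELF carries PATH_INFO, so "/acp.php/<anything>" is echoed.
function form_action_vulnerable(string $php_self): string {
    return '<form action="' . $php_self . '?tn=pages&sub=edit" method="post">';
}

// Hardened pattern: build the action from SCRIPT_NAME (no PATH_INFO) and
// escape for an HTML attribute context. ENT_QUOTES covers both quote styles,
// which matters here because the reported payload closes a single quote.
function form_action_hardened(string $script_name): string {
    $action = htmlspecialchars($script_name, ENT_QUOTES | ENT_HTML5, 'UTF-8')
            . '?tn=pages&amp;sub=edit';
    return '<form action="' . $action . '" method="post">';
}

// Constructed sample inputs mirroring the report's reproduce URL (URL-decoded).
$php_self_sample    = "/fc/acp/acp.php/p3q7o'><script>alert(document.cookie)</script>oqch8";
$script_name_sample = '/fc/acp/acp.php';

// Vulnerable: the quote and angle brackets break out of the attribute.
echo form_action_vulnerable($php_self_sample), PHP_EOL;

// Hardened, normal case: the appended path segment never reaches the output.
echo form_action_hardened($script_name_sample), PHP_EOL;

// Hardened, worst case: even if the tainted value were passed in, escaping
// keeps it inside the attribute as &apos; / &lt; / &gt; and no script runs.
echo form_action_hardened($php_self_sample), PHP_EOL;
```

In a real request both values come from `$_SERVER['PHP_SELF']` and `$_SERVER['SCRIPT_NAME']`; the point of the fix is to do both things, pick the untainted source and still escape it, since either measure alone leaves a gap (SCRIPT_NAME can still contain characters that need escaping, and escaping PHP_SELF still reflects attacker-chosen text into the page).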

@ghi5107 ghi5107 changed the title XSS Vulnerability in acp.php on FlatCore v1.4.6 Bug Report: XSS Vulnerability in acp.php on FlatCore v1.4.6 May 25, 2017
ghi5107 commented Jun 2, 2017

Does anyone confirm the issue?
I think the XSS vulnerability is harmful to the administrator; an attacker may steal information by enticing an administrator to open a crafted web page.

patkon commented Jun 2, 2017

I'll fix that as soon as possible. I'm working on it.
Thanks for reporting.

ghi5107 commented Jun 6, 2017

Thanks for your response.

fgeek commented Jun 7, 2017

CVE-2017-9451 has been assigned for this vulnerability. You can add it to commit message and ChangeLog file, thanks.

patkon added a commit that referenced this issue Jun 7, 2017
Issue: Bug Report: XSS Vulnerability in acp.php on FlatCore v1.4.6 #34
ghi5107 commented Jun 7, 2017

Verified, no longer works, thank you.

@ghi5107 ghi5107 closed this as completed Jun 7, 2017