This repository has been archived by the owner on Jan 5, 2023. It is now read-only.
Bug Report: XSS Vulnerability in acp.php on FlatCore v1.4.6 #34
Comments
Does anyone confirm the issue?

I'll fix that as soon as possible. I'm working on it.

Thanks for your response.

CVE-2017-9451 has been assigned for this vulnerability. You can add it to the commit message and ChangeLog file, thanks.

patkon added a commit that referenced this issue Jun 7, 2017
Issue: Bug Report: XSS Vulnerability in acp.php on FlatCore v1.4.6 #34

Verified, no longer works, thank you.

Title: XSS Vulnerability in acp.php

Security: Low (visit acp.php as an administrator)
Software: https://codeload.github.com/flatCore/flatCore-CMS/zip/v1.4.6
code:
pages.edit_form.php:
Reproduce: (get client cookie information)

http://localhost/fc/acp/acp.php/p3q7o'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eoqch8?tn=pages&sub=edit&editpage=2
reference about XSS:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Discovered by: ghi from Huawei Weiran Labs
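
An added example, not part of the original report and not flatCore's code: the reproduction URL puts markup in the path after acp.php, so the sketch below shows a request path written into a form tag raw, with quote-unaware escaping, and with escaping that covers both quote styles. The single-quoted `action` attribute, the function names and the form markup are assumptions made for illustration; the sample path is the decoded path from the report.

```php
<?php
// Added illustration. Assumption: the page echoes the request path into a
// single-quoted HTML attribute. General PHP fact: $_SERVER['PHP_SELF'] carries
// the path info that follows the script name; $_SERVER['SCRIPT_NAME'] does not.

// Constructed sample: decoded path portion of the report's reproduction URL.
$requestPath = "/fc/acp/acp.php/p3q7o'><script>alert(document.cookie)</script>oqch8";

const QUERY = '?tn=pages&amp;sub=edit&amp;editpage=2';

// Vulnerable pattern: the path is concatenated into the attribute unescaped.
function formTagRaw(string $path): string
{
    return "<form action='" . $path . QUERY . "' method='POST'>";
}

// Insufficient: ENT_COMPAT (the default flag set before PHP 8.1) escapes
// < > & and " but leaves ' alone, so the attribute can still be closed.
function formTagCompat(string $path): string
{
    return "<form action='" . htmlspecialchars($path, ENT_COMPAT, 'UTF-8')
        . QUERY . "' method='POST'>";
}

// Hardened: ENT_QUOTES escapes both quote styles for the attribute context.
function formTagEscaped(string $path): string
{
    return "<form action='"
        . htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . QUERY . "' method='POST'>";
}

// The tag template contains exactly four single quotes (two attributes).
// Any extra raw quote means the path value escaped its attribute.
function attributeIntact(string $tag): bool
{
    return substr_count($tag, "'") === 4;
}

foreach (['formTagRaw', 'formTagCompat', 'formTagEscaped'] as $fn) {
    $tag = $fn($requestPath);
    printf("%-15s %s\n  %s\n", $fn, attributeIntact($tag) ? 'intact' : 'BROKEN', $tag);
}
```

Only `formTagEscaped` reports the attribute as intact; building the form action from `SCRIPT_NAME` instead of the full request path removes the attacker-controlled segment altogether.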