This repository has been archived by the owner on Jan 5, 2023. It is now read-only.

Create Page XSS #69

Closed
MorphyKutay opened this issue Oct 10, 2021 · 1 comment

@MorphyKutay

Describe the bug
The XSS payload written into the meta tags and the content is not filtered.

https://owasp.org/www-community/attacks/xss/

To Reproduce
Steps to reproduce the behavior:
1-) Press "create new page" from the home page

2-) Enter the XSS payload in the meta tags and content

3-) Go to the admin panel and press the "go to home page" button, and the XSS pop-up appears

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Screenshot 2021-10-10 215706

Additional context
POC : https://www.youtube.com/watch?v=wmQf0B3Sa6c

patkon added a commit that referenced this issue Oct 11, 2021
@patkon
Member

patkon commented Oct 11, 2021

Thank you for reporting. The Meta Tags are sanitized.
This becomes more difficult with the page content. It is difficult to do without HTML here.
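
The two cases discussed in this thread, as an added example that is not part of the issue or the project's code: meta tag values are plain text and can simply be output-encoded, while page content that must keep some HTML is parsed and re-serialized against an allowlist. The function names, the allowed tags and attributes, and the sample inputs are assumptions made for illustration.

```python
# Added example; allowlists and function names are assumptions, not the project's code.
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "h2", "h3", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
DROP_WITH_CONTENT = {"script", "style"}  # discard the element and its text
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL

def render_meta(name, value):
    # Meta values are plain text, so encode them for a double-quoted attribute.
    return f'<meta name="{escape(name)}" content="{escape(value)}">'

def _scheme(url):
    # Browsers ignore tabs/newlines in URLs, so strip them before checking.
    m = re.match(r"([a-z][a-z0-9+.-]*):", re.sub(r"[\x00-\x20]", "", url).lower())
    return m.group(1) if m else ""

class _Allowlist(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return
        kept = ""
        for key, val in attrs:
            if key not in ALLOWED_ATTRS.get(tag, ()):
                continue  # event handlers, style, srcdoc, ...
            if key == "href" and _scheme(val or "") not in SAFE_SCHEMES:
                continue  # javascript:, data:, ...
            kept += f' {key}="{escape(val or "")}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize_content(markup):
    parser = _Allowlist()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Because the output is rebuilt only from allowlisted tag names, allowlisted attributes and escaped text, anything the parser does not recognise is dropped rather than passed through. In production a maintained sanitizer library is preferable to hand-written code like this.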
