
Flatpress- 1.2.1 - Reflected XSS on page parameter #153

Closed
s4n-h4xor opened this issue Sep 28, 2022 · 3 comments
s4n-h4xor commented Sep 28, 2022

Severity:
Medium

Description:
Cross-site scripting (XSS) vulnerabilities arise when an attacker sends malicious code to the
victim's browser, mostly using JavaScript. A vulnerable web application might embed untrusted
data in the output, without filtering or encoding it. In this way, an attacker can inject a malicious
script into the application, and the script will be returned in the response. This will then run on the
victim's browser.
It is observed that the page parameter does not sanitize input properly which leads to reflected XSS
attacks.

Technical Impact:
It is possible to steal or manipulate customer sessions and cookies, which might be used to
impersonate a legitimate user, allowing the hacker to view or alter the blog.

Suggested Remediation:

  1. Application should encode data on output.
  2. Application should filter input on page parameters.

Steps to Reproduce:

  1. Login to the application

  2. Enter the below payload in the URL and observe the XSS payload getting executed.
    Payload:
    http://server/flatpress/admin.php?p=static&action=write&page=%22onfocus%3d%22alert%28document.cookie%29%22autofocus%3d%22zr4da


Opening the issue here; I got no reply from [hello@flatpress.org] for 2 months.
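The two remediation points above (encode on output, filter the page parameter on input) in working form, as an added example that is not FlatPress's own code; `render_page_field()`, `valid_page_id()` and `h()` are hypothetical names standing in for wherever the admin form echoes the `page` value back into an HTML attribute.

```php
<?php
// Added example, not FlatPress code. It shows the defensive pattern the report asks
// for: the "page" request parameter must never reach an HTML attribute unencoded.

declare(strict_types=1);

// Output encoding for HTML text and attribute context. ENT_QUOTES converts both
// double and single quotes to entities, so a value cannot close the attribute it is
// placed in and start a new one (the onfocus/autofocus trick in the report relies on
// an unencoded double quote doing exactly that).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Input filter: a static page id only needs a small character set, so reject
// anything else before it is used anywhere (allowlist, not a blocklist of tags).
function valid_page_id(string $page): bool
{
    return preg_match('/^[A-Za-z0-9_-]{1,64}$/', $page) === 1;
}

// Vulnerable pattern described in the report: untrusted data embedded verbatim.
function render_page_field_unsafe(string $page): string
{
    return '<input type="text" name="page" value="' . $page . '">';
}

// Hardened form: validate first, then encode at the point of output.
function render_page_field(string $page): string
{
    if (!valid_page_id($page)) {
        return '<p>Invalid page id.</p>';
    }
    return '<input type="text" name="page" value="' . h($page) . '">';
}

// Constructed input: the report's payload after URL decoding.
$payload = '"onfocus="alert(document.cookie)"autofocus="zr4da';

// Compare the two renderings: in the unsafe one the quote terminates the value
// attribute; in the hardened one the request is rejected, and even without the
// input filter h() keeps every quote inside the attribute value as &quot;.
echo render_page_field_unsafe($payload), "\n";
echo render_page_field($payload), "\n";
echo '<input type="text" name="page" value="' . h($payload) . '">', "\n";
echo render_page_field('about-us'), "\n";
```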

azett (Member) commented Oct 2, 2022

Confirmed. Sorry for being late!

azett added the security label Oct 2, 2022

Fraenkiman (Contributor) commented

Hello all,

laborix has created a solution in the forum.

With best regards
Frank

azett closed this as completed in 0a7ad2c Dec 17, 2022

azett (Member) commented Dec 17, 2022

Fixed with 0a7ad2c, thank you very much for reporting!
