This repository has been archived by the owner on Jun 7, 2024. It is now read-only.
XSS vulnerabilities in the admin panel #1039
ecartz added a commit that referenced this issue on Jan 27, 2021:
This removes the module GET parameter if it doesn't match any of the installed modules. #1039
This commit still allows other parameters to enter the URL without being sanitized. In line 157 of admin/action_recorder.php:
Multiple more XSS bugs were found in the admin panel.
Note: Other post parameters may also be vulnerable
Note: there is a CVE record for this bug CVE
ovanr changed the title from "RXSS vulnerability in action_recorder.php" to "XSS vulnerabilities in the admin panel" on Feb 6, 2021.
ecartz added a commit to CE-PhoenixCart/PhoenixCart that referenced this issue on Jun 9, 2021:
As a side effect, this should resolve the original report at gburton/CE-Phoenix#1039 Obviously it won't resolve the other pages, which would be separate.
Issue description
An RXSS vulnerability was identified in the admin panel due to insufficient sanitization of the GET parameter 'module'.
As a result, JavaScript code can be executed using an exploit link.
Steps to reproduce the issue
http://{HOSTNAME}/admin/action_recorder.php?module=';alert(0xdeadbeef);'&aID
Additional details / screenshot
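Added illustration of the vulnerable pattern and the allowlist-style fix the commit message describes; this is not code from CE-Phoenix, and the module names, variable names and the assumption that the value lands inside an inline script are all constructed for the example.

```php
<?php
// Constructed list of installed modules (hypothetical names, not the project's).
$installed_modules = ['ar_admin_login', 'ar_contact_us', 'ar_tell_a_friend'];

// Vulnerable pattern: the raw GET value is interpolated into inline JavaScript,
// so a quote in the value closes the string literal and the rest is executed
// as script in the admin's browser (reflected XSS).
function render_vulnerable(array $get): string {
    $module = $get['module'] ?? '';
    return "<script>var currentModule = '" . $module . "';</script>";
}

// Step 1 of the hardened version: accept the parameter only when it names an
// installed module, otherwise drop it entirely (the approach the fix commit
// describes). Strict comparison avoids type juggling on odd inputs.
function select_module(array $get, array $installed): ?string {
    $module = $get['module'] ?? null;
    if (!is_string($module) || !in_array($module, $installed, true)) {
        return null; // unknown or malformed module: ignore the parameter
    }
    return $module;
}

// Step 2: even an allowlisted value is encoded for the context it is written
// into. json_encode with the HEX flags is safe inside <script>; in HTML text or
// attributes htmlspecialchars($v, ENT_QUOTES, 'UTF-8') would be used instead.
function render_hardened(array $get, array $installed): string {
    $module = select_module($get, $installed);
    if ($module === null) {
        return '';
    }
    $js = json_encode($module, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    return "<script>var currentModule = " . $js . ";</script>";
}

// Constructed requests: one shaped like the reported payload, one legitimate.
$bad  = ['module' => "';alert(1);'"];
$good = ['module' => 'ar_contact_us'];

echo render_vulnerable($bad), "\n";                       // literal is broken out of
echo render_hardened($bad, $installed_modules), "\n";     // empty: not an installed module
echo render_hardened($good, $installed_modules), "\n";    // encoded, allowlisted value
```

The allowlist alone closes this report; the output encoding is kept so the same template stays safe if a future module name contains characters that matter in the output context.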