Description:
Cross-site scripting (XSS) vulnerability in Gleez CMS might allow remote attackers (users) to inject arbitrary web script or HTML via the source editor, which will result in Stored XSS when an Administrator tries to edit the post.
Vulnerability Type: Stored XSS
Attack Vectors:
<img src="x" onerror="alert(document.domain)" style="">
Attack Impact:
This could be used to perform actions against the administrators (or any user editing that post) and could potentially lead to hijacking the user’s session/token. This could happen by users navigating to the attacker’s post on their own, or by the attacker somehow persuading the victim to navigate to the post.
Note: It will not result in XSS in the normal view mode, but when an admin or other user tries to edit the post, the code will be executed. [Stored XSS from User to Admin.]
Assigned CVE: CVE-2018-7035
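Because the payload survives storage and only fires in the edit view, one mitigation is to clean the stored body with an allowlist before it is saved and again before it is handed to the editor. The following is an added example, not Gleez CMS code and not part of the original report; the allowlist and the names `ALLOWED`, `safe_url`, `PostSanitizer` and `sanitize_post` are assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist (tag -> permitted attributes); not taken from Gleez CMS.
ALLOWED = {"p": set(), "br": set(), "b": set(), "i": set(), "em": set(),
           "strong": set(), "ul": set(), "ol": set(), "li": set(),
           "a": {"href"}, "img": {"src", "alt"}}
VOID = {"br", "img"}
URL_ATTRS = {"href", "src"}

def safe_url(value):
    """Allow relative URLs and http(s); reject javascript:, data:, etc."""
    # Drop whitespace/control characters that browsers may ignore in a scheme.
    compact = re.sub(r"[\x00-\x20]+", "", value).lower()
    scheme = re.match(r"([a-z][a-z0-9+.\-]*):", compact)
    return scheme is None or scheme.group(1) in ("http", "https")

class PostSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self.skip = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append(f"<{tag}>")
            self.skip = tag in ("script", "style")  # drop their text as well
            return
        kept = ""
        for name, value in attrs:
            value = value or ""
            if name in ALLOWED[tag] and (name not in URL_ATTRS or safe_url(value)):
                kept += f' {name}="{escape(value, quote=True)}"'
            else:
                self.dropped.append(f"{tag}[{name}]")  # e.g. event handlers
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        self.skip = False
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize_post(body):
    """Return (clean_html, dropped_items) for a stored post body."""
    parser = PostSanitizer()
    parser.feed(body)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out), parser.dropped

# Constructed sample input: the payload quoted in this report.
PAYLOAD = '<img src="x" onerror="alert(document.domain)" style="">'
```

The `dropped` list can also be used to audit posts already in the database for stored payloads. In a production PHP application a maintained sanitizer such as HTML Purifier is preferable to a hand-written one.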