XSS on Hoosk v1.7.0 #47

Closed
Hu3sky opened this issue Aug 19, 2018 · 1 comment · Fixed by #55

Comments


Hu3sky commented Aug 19, 2018

The XSS is on the page 'admin/pages/new'. Add a new text page and fill in <img src=1 onerror=alert(1)> in the 'Navigation Title* (this is displayed on navigation menus)' field.

Owner

havok89 commented Aug 19, 2018

I was sure all the inputs were sanitising data but it appears not. I suppose at this point an attacker would already have access to your admin dashboard, so the site would already be compromised.

I'll try to get time to fix it in the next few days!

@havok89 havok89 linked a pull request May 1, 2020 that will close this issue
@havok89 havok89 closed this as completed May 1, 2020
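
An added example, not code from the Hoosk repository or from either commenter: a hypothetical navigation renderer in PHP showing why the title from the report runs when it is echoed as stored, next to the same renderer with output encoding. The function names, array keys and sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored page records.
// The array keys are hypothetical, not Hoosk's actual schema.
$pages = [
    ['url' => 'about', 'nav_title' => 'About us'],
    ['url' => 'news',  'nav_title' => '<img src=1 onerror=alert(1)>'],
];

// Encode a stored value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the stored title is concatenated into the markup as-is, so the
// <img> tag from the report becomes a live element on every page with a menu.
function renderNavUnsafe(array $pages): string
{
    $html = "<ul>\n";
    foreach ($pages as $p) {
        $html .= '  <li><a href="/' . $p['url'] . '">' . $p['nav_title'] . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// "After": each stored value is encoded for the context it lands in.
// The URL is treated as a single path segment (assumption).
function renderNavSafe(array $pages): string
{
    $html = "<ul>\n";
    foreach ($pages as $p) {
        $href = '/' . rawurlencode($p['url']);
        $html .= '  <li><a href="' . $href . '">' . e($p['nav_title']) . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

echo renderNavUnsafe($pages); // second item contains a raw <img ... onerror=...>
echo renderNavSafe($pages);   // second item shows the markup as inert text
```

Encoding at render time covers the menu regardless of which form or import path wrote the title, so it holds even when an input filter is missed.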