We have identified a critical security issue on our website: a Stored XSS (Cross-Site Scripting) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access to sensitive information, unauthorized actions on the website, or complete control over users' browsers.
Function /admin: System, Utility event, , content, marketing, member, merchandise
When you add or edit some content to
<img src=x onerror=alert(1)>
it will pop up an alert box -> we can use that to do everything that JavaScript can do (steal the admin's cookie, redirect to other websites, ...)
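The report above describes stored content being rendered back into admin pages as markup. The following is an added example, not code from the affected project: it shows the unencoded render beside an output-encoded one, plus an audit check for records already stored. The record fields and function names are hypothetical, and the sample record is constructed around the test string from the report.

```javascript
// Added example: field names and render functions are hypothetical,
// not taken from the affected application.

// Constructed sample record holding the test string from the report.
const storedRecord = { title: 'Spring sale', content: '<img src=x onerror=alert(1)>' };

// Characters that can change the parsing context in HTML text or quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: stored text is concatenated into the page, so the browser parses it as markup.
function renderVulnerable(record) {
  return `<div class="item"><h2>${record.title}</h2><p>${record.content}</p></div>`;
}

// After: every stored field is encoded at output time and is displayed as plain text.
function renderHardened(record) {
  return `<div class="item"><h2>${escapeHtml(record.title)}</h2>` +
         `<p>${escapeHtml(record.content)}</p></div>`;
}

// Audit helper: list fields of an already stored record that contain
// a tag or an inline event-handler attribute and need review.
function findSuspectFields(record) {
  const activeMarkup = /<\s*\/?\s*[a-z][^>]*>|\bon[a-z]+\s*=/i;
  return Object.keys(record).filter((key) => activeMarkup.test(String(record[key])));
}

console.log(renderVulnerable(storedRecord));
console.log(renderHardened(storedRecord));
console.log(findSuspectFields(storedRecord));
```

Encoding at output time covers every entry point listed in the report at once, because it does not depend on which admin function stored the value.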