Stored XSS Vulnerability feehicms

[shivamking05675]

Stored XSS, also known as persistent XSS, is more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application.

Step To Reproduce:

Vulnerable cms URL: https://demo.cms.feehi.com/
Vulnerable Parameter: Comment_nickname:

1-Sing-up https://demo.cms.feehi.com/
2-Inject The XSS Payload in Username: "><script>alert(232)</script> fill all required fields and click the SignUp button
3-Go to any article then XSS will trigger.

Impact:

An XSS attack allows an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim, or for phishing attacks.

[liufee]

fixed
5e5346e

[shivamking05675]

You doesn't provide any CVE? Of this vulnerability

[shivamking05675]

Stored XSS, also known as persistent XSS, is the more damaging. It occurs when a malicious script is injected directly into a vulnerable web application like malware, account hijacking etc.

Almost all cms provide a stored XSS CVE : https://www.cvedetails.com/vulnerability-list/opxss-1/xss.html

Please assigned a CVE,,

[shivamking05675]

Hello Team,

Why did You delete a Message about an XSS Comment?

CMS provides a stored XSS CVE: https://www.cvedetails.com/vulnerability-list/opxss-1/xss.html

If you are not assigned a CVE of this vulnerability, then I'm Sending a Report to https://cve.mitre.org For Request a CVE ID and Also Told Your Misbehaviour.

Please assigned a CVE.
Thanks Team

[liufee]

Register a user, the username only allows alphabet, numbers and -

[liufee]

@shivamking05675 Thanks~