Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cross Site Scripting Vulnerability On Feehi CMS #64

Closed
Curta1n-7 opened this issue Aug 30, 2022 · 2 comments
Closed

Cross Site Scripting Vulnerability On Feehi CMS #64

Curta1n-7 opened this issue Aug 30, 2022 · 2 comments

Comments

@Curta1n-7
Copy link

Curta1n-7 commented Aug 30, 2022

Hi i found an xss vulnerability on Feehi CMS backend

What is XSS?

Attacker can inject and executee javascript code to webpage.
ceshi

log in the user in the background
1
.png)
So attacker can inject javascript code into webpage using form request.

@liufee
Copy link
Owner

liufee commented Aug 31, 2022

admin allows user input everything, they log system have record the settings for who saved what.

@liufee liufee closed this as completed Aug 31, 2022
@Curta1n-7
Copy link
Author

You can put a limit on this, if someone gets an account with one of the admins, they can execute JavaScript code on the user accessing the site

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants