a stored cross-site scripting (XSS) in maxsite cms version 108 targeted towards web admin through ~/admin/page_edit/3 at via the parameter f_tags.
Navigate to admin page, ~/admin/page_edit/ and make a new page
click in "Рубрики и метки">"Метки (через запятую)"
insert xss payload "><svg onload=alert(1111)> in the parameter f_tags
4. click save
You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload gets executed successfully and we'll get a pop-up.
The text was updated successfully, but these errors were encountered:
Stored-Cross-Site-Scripting (XSS)(authenticated)
a stored cross-site scripting (XSS) in maxsite cms version 108 targeted towards web admin through ~/admin/page_edit/3 at via the parameter f_tags.
"><svg onload=alert(1111)>in the parameter f_tags4. click save
You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload gets executed successfully and we'll get a pop-up.
The text was updated successfully, but these errors were encountered: