XSS in admin.php #489
Comments
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000826 has been assigned for this vulnerability.

peter-mw added a commit that referenced this issue Dec 27, 2018

Hi, thanks for the report. The issue is fixed now.

Nice job on the patch!

@peter-mw In what release will this fix be included?

@peter-mw ping?

Hi, this is fixed as of version 1.1.2. Will tag the missing releases soon.

Thanks a lot!
The Issue
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
Where the Issue Occurred
The code below displays the user-controlled variable without sufficient sanitisation:
microweber/userfiles/modules/users/login/templates/admin.php
Line 114 in 0c60184
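The referenced line is not reproduced on this page. As an added illustration (not code from the Microweber repository or from the reporter), the snippet below shows a request value written into a template unchanged, beside the same output encoded with `htmlspecialchars`. The function names, the `username` parameter and the sample input are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical template helpers; the names and the "username" parameter are
// assumptions for illustration, not taken from Microweber.

/** Before: the request value is concatenated into the HTML unchanged. */
function render_unsafe(array $request): string
{
    $user = $request['username'] ?? '';
    return '<input name="username" value="' . $user . '">'
         . '<p>Signing in as ' . $user . '</p>';
}

/** Encode a value for HTML text and quoted-attribute contexts. */
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** After: reject non-string input, then encode at the point of output. */
function render_safe(array $request): string
{
    $user = $request['username'] ?? '';
    if (!is_string($user)) {
        // A query string such as ?username[]=x arrives as an array.
        $user = '';
    }
    return '<input name="username" value="' . esc($user) . '">'
         . '<p>Signing in as ' . esc($user) . '</p>';
}

// Constructed sample input containing HTML metacharacters.
$request = ['username' => '"><em>constructed</em>'];

$unsafe = render_unsafe($request);
$safe   = render_safe($request);

// Check whether the markup from the input survived as a live element.
var_dump(strpos($unsafe, '<em>') !== false); // element present in unsafe output
var_dump(strpos($safe, '<em>') === false);   // element absent from safe output
var_dump(render_safe(['username' => ['x']])); // array input is treated as empty
```

`ENT_QUOTES` matters here because the value lands inside a quoted attribute as well as in element text; encoding only `<` and `>` would leave the attribute context open.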