Open
Description
Hi, I have found a stored XSS vulnerability. It is not the same as issue #427. The trigger is in the page's content section, not the title section.
Steps to replicate:
- log into the system as an editor role
- create a new page in the blog catalog
- navigate to content section
- enter the payload shown below
  `<script>alert(document.cookie)</script>`
- visit http://<your_site>/monstra/blog/<page_name>.php
- you will trigger JavaScript execution
Impacts:
Anyone who visits the target page will be affected and trigger the JavaScript code, including administrators, editors, and guests.
Affected Version:
3.0.4
Affected URL:
http://<your_site>/monstra/blog/<page_name>.php
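One way to close the hole reported above, as an added example that is neither part of the original report nor Monstra's own code: pass editor-supplied page content through a tag allowlist before it is stored or rendered. The function name, the allowlist policy and the sample input are assumptions.

```php
<?php
// Added example: hypothetical helper, not Monstra's own code.
// Assumed policy: tags (and their attributes) an editor may use in page content.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'i' => [], 'em' => [], 'strong' => [], 'ul' => [],
    'ol' => [], 'li' => [], 'h2' => [], 'h3' => [], 'blockquote' => [], 'a' => ['href'],
];
// Elements that are removed together with everything inside them.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitize_page_content(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate sloppy editor markup
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NONET);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }  // nothing renderable was submitted
    // Snapshot the element list first: the tree is modified while walking it.
    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('.//*', $body)) as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) {
            $el->parentNode->removeChild($el);
        } elseif (!isset(ALLOWED_TAGS[$tag])) {
            // Unknown tag: keep its children (checked later in the walk), drop the wrapper.
            while ($el->firstChild) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            foreach (iterator_to_array($el->attributes) as $attr) {
                // Attribute must be allowlisted; links must use an allowed scheme or be site-relative.
                $ok = in_array($attr->nodeName, ALLOWED_TAGS[$tag], true)
                    && ($attr->nodeName !== 'href'
                        || preg_match('~^(https?://|mailto:|/|#)~i', trim($attr->value)) === 1);
                if (!$ok) { $el->removeAttribute($attr->nodeName); }
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}
// Constructed sample: benign markup followed by the payload from the report.
echo sanitize_page_content('<p>Hello <b>world</b></p><script>alert(document.cookie)</script>'), PHP_EOL;
```

Setting the HttpOnly flag on the session cookie keeps it out of `document.cookie`, but that only limits what an injected script can read; it does not stop the script from running.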