Open
Description
Hi, I have found a stored Cross Site Scripting Vulnerability.
Steps to replicate:
- log into the system as an administrator;
- enter page: http://your_site/frogcms/admin/?/setting, and click Settings option;
- navigate to "Admin Site title" section
- enter payload as shown below:
  `Frog CMS1</a><img src=1 onerror="alert()" /><a>`
- visit http://your_site/frogcms/admin/?/login, you will trigger JavaScript execution
Impacts:
Anyone who visits the target page will be affected and trigger the JavaScript code, including administrator, editor, developer, and guest.
Affected Version:
0.9.5
Affected URL:
http://your_site/frogcms/admin/?/login
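
The fix for this class of bug is to HTML-encode the stored setting when it is written into the page. The sketch below is an added example, not part of the original report and not Frog CMS source: the function names and the surrounding `<h1><a>` markup are assumptions (the reported value closes an `</a>`, which suggests the title is emitted inside an anchor), and the sample title is the value from the report.

```php
<?php
// Added illustration; hypothetical function names, not Frog CMS code.

// Stand-in for the stored "Admin Site title" setting (value from the report).
$storedTitle = 'Frog CMS1</a><img src=1 onerror="alert()" /><a>';

// Pattern that produces the reported behaviour: the setting is concatenated
// into the anchor's content with no output encoding.
function render_title_unsafe(string $title): string
{
    return '<h1><a href="/">' . $title . '</a></h1>';
}

// Hardened form: encode for the HTML context at output time, so the stored
// value can only ever be rendered as text.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<h1><a href="/">' . $encoded . '</a></h1>';
}

// Defence in depth when the setting is saved: a site title has no need for
// markup characters, so reject them (and over-long values) up front.
function validate_title(string $title): bool
{
    return strlen($title) <= 255 && preg_match('/[<>]/', $title) === 0;
}

// Count how many <tag ...> openings survive in the rendered markup.
function count_tags(string $html, string $tag): int
{
    return (int) preg_match_all('/<' . preg_quote($tag, '/') . '\b/i', $html);
}

$unsafe = render_title_unsafe($storedTitle);
$safe   = render_title_safe($storedTitle);

printf("unsafe: %s\n  <img> elements: %d\n", $unsafe, count_tags($unsafe, 'img'));
printf("safe:   %s\n  <img> elements: %d\n", $safe, count_tags($safe, 'img'));
printf("accepted on save: %s\n", validate_title($storedTitle) ? 'yes' : 'no');
```

Encoding at output is the control that matters here, because it also neutralises values already stored in the settings table; the save-time check only stops new ones.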