Stored XSS vulnerability in version 3.5.3 and lower #660

Closed
geek-repo opened this issue May 18, 2020 · 0 comments · Fixed by #661

@geek-repo

An XSS vulnerability exists in the admin page while adding a new administrator, in the Login name field.

Steps to Reproduce:

  1. Log in as administrator

  2. Navigate to "Manage administrators" under config.

  3. Click on "Add new admin"

  4. Inject the payload in the Login name field

Payload: <script>alert(1)</script>

  5. Enter any other required details and click on "Save changes"

POC:
JtC4FY0f38

@geek-repo changed the title from "XSS vulnerability in version 3.5.3 and lower" to "Stored XSS vulnerability in version 3.5.3 and lower" on May 18, 2020
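
The class of bug reported above, shown as an added example that is not part of the original report and not the project's own code: a stored login name written into an administrator listing without and with output encoding, plus a save-time allow-list as defence in depth. The function names, record shape and allow-list pattern are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not taken from the project.

// Encode the characters that are significant in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored login name is concatenated into markup as-is,
// so whatever was saved is parsed as HTML by every admin who views the list.
function renderAdminRowUnsafe(admin) {
  return '<tr><td>' + admin.loginname + '</td><td>' + admin.email + '</td></tr>';
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderAdminRowSafe(admin) {
  return '<tr><td>' + escapeHtml(admin.loginname) + '</td><td>' +
    escapeHtml(admin.email) + '</td></tr>';
}

// Defence in depth at save time: allow-list for login names (assumed policy).
// This complements output encoding; it does not replace it.
const LOGIN_NAME_RE = /^[A-Za-z0-9._@-]{1,64}$/;
function validateLoginName(name) {
  return typeof name === 'string' && LOGIN_NAME_RE.test(name);
}

// Constructed sample record, using the value given in the report.
const storedAdmin = { loginname: '<script>alert(1)</script>', email: 'admin@example.org' };

function demo() {
  return {
    unsafe: renderAdminRowUnsafe(storedAdmin),
    safe: renderAdminRowSafe(storedAdmin),
    accepted: validateLoginName(storedAdmin.loginname),
  };
}

console.log(demo());
```
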