Cross Site Scripting Vulnerability on "Theme Manager" feature in PHP-Fusion 9.03.60 (New Version)

**Describe the bug**
An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the "Thêm Manager" feature. This was can be bypassed by using HTML event handlers, such as "ontoggle".

**To Reproduce**
Steps to reproduce the behavior:
1. Log into the panel.
2. Go to "/administration/theme.php"
3. Click "Manage Theme"
4. Insert payload `'><details/open/ontoggle=confirm(/XSS/)>`
5. Click "Save Changes"
6. View the preview to trigger XSS.
7. View the preview to get in request and such Reflected  XSS

**Expected behavior**
The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page.

**Screenshots**
![2](https://user-images.githubusercontent.com/29293812/82171532-d6698000-98f1-11ea-8a56-de19c0d60fe3.PNG)
![1](https://user-images.githubusercontent.com/29293812/82171540-d9fd0700-98f1-11ea-975b-b5db600ba024.PNG)

**Desktop (please complete the following information):**
 - OS: Windows
 - Browser: Firefox
 - Version: 76.0.1




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cross Site Scripting Vulnerability on "Theme Manager" feature in PHP-Fusion 9.03.60 (New Version) #2326

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cross Site Scripting Vulnerability on "Theme Manager" feature in PHP-Fusion 9.03.60 (New Version) #2326

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions