Cross-Site Scripting (XSS) in "admin/pages.php?action=add_new" #23

Open
@tuando243

Description

A Cross-Site Scripting vulnerability exists in Pixelimity via the Page Title field in pixelimity/admin/pages.php?action=add_new.

Steps to exploit:

  1. Login as admin.
  2. Navigate to http://127.0.0.1/pixelimity/admin/pages.php and click on Add New.
  3. Insert XSS payload (<script>alert(1)</script>) in the "Title" field and click on Publish Page.

Proof of concept (PoC):

<script>alert(1)</script>
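
A mitigation sketch for the stored title described in the report, added here as an example; it is not part of the original report and not Pixelimity's own code. The helper names `esc_html` and `esc_js` and the surrounding markup are assumptions, since the page does not show how the application renders the title.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: Pixelimity's real rendering functions are not shown in the report.

/** Encode a value for HTML element content and for quoted attribute values. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Encode a value as a JavaScript string literal that is safe inside an inline <script>. */
function esc_js(string $value): string
{
    // The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the
    // value cannot close the surrounding <script> element or the string literal.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample: the title from the report, as it would be read back from storage.
$title = '<script>alert(1)</script>';

// Vulnerable pattern: the stored value is concatenated into markup unchanged,
// so the browser parses it as an element instead of displaying it as text.
$unsafeHeading = '<h1>' . $title . '</h1>';

// Hardened pattern: encode at output time, once per context the title appears in.
$safeHeading = '<h1>' . esc_html($title) . '</h1>';                                 // page body
$safeInput   = '<input type="text" name="title" value="' . esc_html($title) . '">'; // edit form
$safeScript  = '<script>var pageTitle = ' . esc_js($title) . ';</script>';          // inline JS

foreach ([
    'unsafe heading' => $unsafeHeading,
    'safe heading'   => $safeHeading,
    'safe input'     => $safeInput,
    'safe script'    => $safeScript,
] as $label => $html) {
    echo str_pad($label, 15), ': ', $html, PHP_EOL;
}
```

Encoding is applied where the title is written into a response rather than where it is saved, so titles already stored in the database are covered as well.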
