This repository has been archived by the owner on Jan 1, 2020. It is now read-only.
details
in redaxo/src/addons/mediapool/pages/index.php:32
The value of $opener_input_field is obtained from an HTTP request and is a string.
in redaxo/src/addons/mediapool/pages/index.php:99
This directly outputs $opener_input_field to the JS code, causing XSS vulnerabilities.
POC
The user directly accesses the URL if the user has logged in.
http://localhost/redaxo/index.php?page=mediapool/media&opener_input_field=%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
XSS will be triggered as shown:

Credit: ADLab of VenusTech
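
Added example, not REDAXO's code and not part of the original report: the pattern the issue describes (a request value written straight into an inline script) next to a hardened form that allow-lists the value and encodes it for the JavaScript-in-HTML context. The function names, the allow-list pattern and the `media_field_1` value are assumptions made for illustration; the sample input is the parameter from the PoC URL above.

```php
<?php
declare(strict_types=1);

// Constructed illustration; render_vulnerable(), js_literal() and
// render_hardened() are hypothetical names, not REDAXO functions.

// Pattern described in the report: the raw request value is concatenated
// into an inline script, so "</script>" in the value ends the block early.
function render_vulnerable(string $value): string
{
    return "<script>var opener_input_field = '" . $value . "';</script>";
}

// Encode a PHP string as a JS string literal that is safe inside <script>.
// The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the HTML
// parser never sees a tag and the JS parser never sees a closing quote.
function js_literal(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_INVALID_UTF8_SUBSTITUTE; // requires PHP >= 7.2
    return json_encode($value, $flags);
}

function render_hardened(string $value): string
{
    // Assumption: a legitimate value is a form field id or name.
    // Anything else is dropped before it reaches the page.
    if (preg_match('/\A[A-Za-z0-9_\-\[\]]{1,128}\z/', $value) !== 1) {
        $value = '';
    }
    return '<script>var opener_input_field = ' . js_literal($value) . ';</script>';
}

// Sample input: the parameter value from the PoC URL above, URL-decoded.
$poc = urldecode('%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E');

echo render_vulnerable($poc), "\n";        // value closes the block, opens another
echo render_hardened($poc), "\n";          // allow-list rejects it: value is ""
echo render_hardened('media_field_1'), "\n"; // constructed legitimate value

// Encoding alone, without the allow-list: only the intended closing tag
// may remain in the output.
$encoded = '<script>var v = ' . js_literal($poc) . ';</script>';
echo $encoded, "\n";
if (substr_count(strtolower($encoded), '</script') !== 1) {
    throw new RuntimeException('encoded value can still terminate the script block');
}
```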