XSS in GeniXCMS v1.0.2(latest) #73

Closed
superfish9 opened this issue May 3, 2017 · 7 comments

superfish9 commented May 3, 2017

Register a user and submit a page which contains the XSS payload `<b/oncut=&#97;&#108;&#101;&#114;&#116;&#40;&#49;&#41;>M`.
When other users view this page, XSS will take effect.
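The payload in the report places the event handler after a `/` rather than a space and entity-encodes its body, so a filter that matches on literal text never sees it. The following is an added example, not part of the original issue and not GeniXCMS code: it contrasts a hypothetical deny-list regex with an allow-list sanitizer that rebuilds output from parser events. The tag allow-list and all function names are assumptions, and Python stands in for the project's PHP.

```python
import re
from html import escape
from html.parser import HTMLParser

# Payload quoted in the report; here it is only parsed as a string, never rendered.
REPORTED = "<b/oncut=&#97;&#108;&#101;&#114;&#116;&#40;&#49;&#41;>M"
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li"}  # assumed allow-list
VOID_TAGS = {"br"}

def naive_filter_passes(html):
    """Hypothetical deny-list: handler after whitespace, literal call, or <script."""
    return re.search(r"\son\w+\s*=|alert\s*\(|<script", html, re.I) is None

class AllowListSanitizer(HTMLParser):
    """Rebuilds markup from parser events: allowed tags only, no attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.dropped = [], [], []

    def handle_starttag(self, tag, attrs):
        # attrs arrive entity-decoded, i.e. as the browser would interpret them
        self.dropped.extend(attrs)
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        # Only close the innermost open tag; stray end tags are ignored
        if self.open_tags and self.open_tags[-1] == tag:
            self.out.append(f"</{self.open_tags.pop()}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=True))

def sanitize(html):
    """Return (safe_html, dropped_attributes) for untrusted page content."""
    parser = AllowListSanitizer()
    parser.feed(html)
    parser.close()
    while parser.open_tags:  # balance anything left open
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out), parser.dropped

if __name__ == "__main__":
    print("deny-list lets it through:", naive_filter_passes(REPORTED))
    print(sanitize(REPORTED))
```

The dropped-attribute list is returned so that a caller can log rejected handlers for review.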


fgeek commented May 5, 2017

This is CVE-2017-8762.

superfish9 (Author) commented

Discovered by Knownsec.

semplon closed this as completed Sep 5, 2017

fgeek commented Sep 5, 2017

@semplon What release or commit fixes this vulnerability?

semplon (Owner) commented Sep 5, 2017

This commit, I think: e0ad60b
Nothing happens when I test it.

semplon (Owner) commented Sep 5, 2017

I'm wrong, this issue is still not fixed yet.

Sorry.

semplon reopened this Sep 5, 2017
semplon self-assigned this Sep 5, 2017
semplon pushed a commit that referenced this issue Sep 5, 2017

fgeek commented Sep 8, 2017

@semplon Could you create a new release when you have completely fixed this vulnerability? Thanks.

semplon (Owner) commented Sep 9, 2017

Sure, @fgeek.

semplon pushed a commit that referenced this issue Sep 11, 2017
Security and Bug Fix
Version 1.1.1
semplon closed this as completed Sep 11, 2017