An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Menu Preferences" feature.
Impact
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
Steps to reproduce
Log into the Admin.
Go to "Menu Preferences"
Click "Custom fields"
Insert payload to Fields name:
'><details/open/ontoggle=confirm(1337)>
Click Icon Textpattern:
Additional information
Textpattern version: 4.8.1
The text was updated successfully, but these errors were encountered:
Thank you for the report. Although it's a low-level vector (since the only people that can set Custom Field labels are Managing Editors and higher, whom should be inherently trusted), sanitizing the label is good practice as they're not supposed to contain any dubious characters.
This is now fixed in the upcoming 4.8.2 release in commit 8623928. Please test and ensure it has no unintended consequences.
Expected behaviour
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Menu Preferences" feature.
Impact
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
Steps to reproduce
'><details/open/ontoggle=confirm(1337)>
Additional information
Textpattern version: 4.8.1
The text was updated successfully, but these errors were encountered: