| Titel | WolfCMS | Cross Site Scripting | v0.8.3.1 and before |
|---|
| Beschreibung | WolfCMS v0.8.3.1 and before is vulnerable to cross site scripting in module User Add for parameter Name.
Impacted URL is http://[your_webserver_ip]/wolfcms/?/admin/user/add
Payload used for proof-of-concept is "TestXSS><img src=x onmousover=alert(document.cookie)>
Further details available here - https://github.com/wolfcms/wolfcms/issues/683 |
|---|
| Quelle | ⚠️ https://github.com/wolfcms/wolfcms/issues/683 |
|---|
| Benutzer | pramodrana (UID 2935) |
|---|
| Einreichung | 07.05.2019 14:27 (vor 7 Jahren) |
|---|
| Moderieren | 16.05.2019 09:26 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 135125 [WolfCMS bis 0.8.3.1 User Add add Name Cross Site Scripting] |
|---|
| Punkte | 19 |
|---|