| शीर्षक | Total.js CMS 10 Cross Site Scripting |
|---|
| विवरण | Total.js Flow v10 (versão 1.0.0, Total.js v5012)
Stored Cross-Site Scripting
The administration endpoint allows saving a layout whose HTML field contains tags with event handlers (e.g., onerror). This content is displayed “as is” in the layout view/edit page. When the saved layout is opened, the browser executes the embedded JavaScript, confirming the exploitation.
In the administrative area, navigate to Layouts.
Send a POST request to /admin/ with the schema layouts_save, defining the html field with the payload:
{
"schema": "layouts_save",
"data": {
"name": "xss",
"color": "#873323",
"html": "<img src=x onerror=alert(1)>"
}
}
When clicking on the XSS layout (route similar to /admin/layouts/<ID>/), the application renders the content of the html field. The tag <img src=x onerror=alert(1)> attempts to load an invalid image, triggers the onerror event, and executes alert(1). |
|---|
| स्रोत | ⚠️ http://x.x.x.x:8000/admin/layouts/ |
|---|
| उपयोगकर्ता | Edcarlos (UID 53778) |
|---|
| सबमिशन | 10/09/2025 08:16 AM (8 महीनों पहले) |
|---|
| संयम | 25/09/2025 07:42 AM (15 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 325810 [Total.js CMS 1.0.0 Layout Page /admin/ layouts_save HTML क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|