提出 #249813: Automad Automad CMS <= 1.10.9 Stored Cross-Site Scripting (XSS)情報

タイトルAutomad Automad CMS <= 1.10.9 Stored Cross-Site Scripting (XSS)
説明Finding Name: Multiple Stored Cross-site scripting (XSS) Description: It was discovered that the application does not validate user input and lacks implementation of sanitization for several parameters, leaving it susceptible to Cross-Site Scripting (XSS) attacks. Affected Parameters: General Data - sitename Default Template Setting: - ogImage - itemsHeader - brand - placeholderSearch - iconNav - itemsFooter - SearchResults Default Colors: - colorPageText - colorPageBackground - colorPageBorder - colorCardText - colorCardBackground - colorCardBorder - colorCodeBackground - colorNavbarText - colorNavbarBackground - colorNavbarBorder Affected Files: - packages\standard\templates\post.php (Line: 6, 22, 67, 76) - packages\standard\templates\elements\navbar.php (Line: 19, 35, 65, - packages\standard\templates\elements\icon_title.php (Line: 1) - packages\standard\templates\elements\colors.php (Line: 1-10) - packages\standard\templates\elements\colors_header.php (Line: 1-3) Step To Reproduce: 1. Login to the application and navigate to the “General Data and Files” menu 2. Input the payload on the affected fields or parameter such as `<svg onload=alert("Sitename")//
ソース⚠️ https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Stored%20Cross%20Site%20Scripting%20(XSS)
ユーザー
 Maland (UID 59886)
送信2023年12月09日 18:07 (3 年 ago)
モデレーション2023年12月21日 09:19 (12 days later)
ステータス承諾済み
VulDBエントリ248684 [automad 迄 1.10.9 Setting post.php sitename クロスサイトスクリプティング]
ポイント20

Do you need the next level of professionalism?

Upgrade your account now!