| Title | automad<=1.10.9 Stored Cross-Site Scripting(XSS) |
|---|
| Description | The system Client doesn't properly sanitise POST parameter, which result into a Stored Cross-Site Scripting(XSS).
1,After installing the program, log in to the background system, modify the website title and inject attack code, and then submit
2,Visiting the home page of the website will trigger the code
https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md |
|---|
| Source | ⚠️ https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md |
|---|
| User | webray.com.cn (UID 24778) |
|---|
| Submission | 04/29/2022 11:33 (4 years ago) |
|---|
| Moderation | 04/29/2022 14:06 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 198706 [automad up to 1.10.9 Dashboard Title cross site scripting] |
|---|
| Points | 20 |
|---|