CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12093] Cross-site Scripting vulnerability in Content Manager module of CMS Made Simple

Created By: feioklucy (feioklucy)
Date Submitted: Tue Aug 06 02:42:44 -0400 2019

Assigned To:
Version: 2.2.10
CMSMS Version: 2.2.10
Severity: Minor
Resolution: Invalid
State: Closed
Summary:
Cross-site Scripting vulnerability in Content Manager module of CMS Made Simple
Detailed Description:
Hello CMSMS Team,

I am reaching out to report a Stored XSS vulnerability via the Content Manager
module feature in CMS Made Simple version 2.2.10.
Steps to reproduce:
- Navigate to Admin Dashboard
- Click on Content -> Content Manager Module
- Click on "Add New Content"
- Click on "Logic"
- In the "Smarty data or logic that is specific to this page" field, input the payload:
<img src=# onerror="alert(1)">
- Click "Submit"
- After submitting, the payload will be executed every time we click on "View this
page in another window".


History

Updates

Updated: 2020-03-30 13:15
state: Open => Closed

Updated: 2019-09-28 16:07
resolution_id: => 9