CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12146] Stored Cross-site Scripting Vulnerability in content > file Manager

avatar
Created By: Neelima Bawa (Neelima)
Date Submitted: Thu Sep 19 03:34:34 -0400 2019

Assigned To:
Version: 2.2.11
CMSMS Version: 2.2.11
Severity: Critical
Resolution: None
State: Closed
Summary:
Stored Cross-site Scripting Vulnerability in content > file Manager
Detailed Description:
1) Login into the application with the admin.
2) in the content tab > file manager > upload images .
3) create a new image (jpeg format) file and rename  the file with the following
payload <img src=x onerror=alert(document.cookie)>.jpeg
4) browse and upload the modified payload file to execute the stored XSS.
5) the XSS payload will get executed after file upload.



History

Updates

Updated: 2019-10-15 16:05
resolution_id: => 5
state: Open => Closed