CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12149] Stored cross-site scripting (XSS) in News > Add Article

avatar
Created By: Neelima Bawa (Neelima)
Date Submitted: Thu Sep 19 13:55:21 -0400 2019

Assigned To:
Version: 2.2.11
CMSMS Version: 2.2.11
Severity: Major
Resolution: None
State: Open
Summary:
Stored cross-site scripting (XSS) in News > Add Article
Detailed Description:
1)Login the application with  admin credentials
2)Go to the Content > News  > Add Article . 
3)Create a new image in jpg format and rename the file by payload <IMG src=x
onerror=alert(document.cookie)>.jpg
4)Click on Add Article > fill necessary details than upload modified jpg file(
rename by payload)  and submit form.
5)XSS payload executed after refresh the page and on edit page .


History