Summary:
Stored cross-site scripting (XSS) in News > Add Article
Detailed Description:
1)Login the application with admin credentials
2)Go to the Content > News > Add Article .
3)Create a new image in jpg format and rename the file by payload <IMG src=x
onerror=alert(document.cookie)>.jpg
4)Click on Add Article > fill necessary details than upload modified jpg file(
rename by payload) and submit form.
5)XSS payload executed after refresh the page and on edit page .
Back to List