CMS MADE SIMPLE FORGE

CMS Made Simple Core

Back to List

[#12317] XSS on Settings News Module

Created By: rahul gautam (G@merited)

Date Submitted: Fri May 29 08:18:14 -0400 2020

Assigned To: Ruud van der Velden (ruudvdvelden)

Version: 2.2.14

CMSMS Version: 2.2.14

Severity: Minor

Resolution: Fixed

State: Closed

Summary:

XSS on Settings News Module

Detailed Description:

hello,

I discovered an XSS on Settings News Module

steps to reproduce,
1)  Go to field Definitions
2) click on add Field Definition
3) Inject xss payload <script>alert(1)</script> for example
4) add
XSS fires

Preventive measure:
Encode html elements of tags

History

Date: 2020-09-18 10:00
Posted By: Ruud van der Velden (ruudvdvelden)

Quicly fixed in svn.
Better fixes are planned for a bigger update.
Thanks for reporting

Date: 2020-09-19 10:24
Posted By: rahul gautam (G@merited)

Thanks for your respnse :) no problem :)

Date: 2020-11-03 14:22
Posted By: Rolf (rolf1)

CMSMS 2.2.15 has been released

Updated: 2020-11-03 14:22
state: Open => Closed

Updated: 2020-09-18 10:00
resolution_id: => 7
assigned_to_id: 12532 => 18365

CMSMS | CMS Made Simple

CMS MADE SIMPLE FORGE

CMS Made Simple Core

[#12317] XSS on Settings News Module

History