Cross Site Scripting (XSS) in Members Add #895
Comments
|
Why would a person that has access to admin panel dot this type? Just curious how you see it. |
|
A person who has infiltrated the system can try all means from a malicious point of view. And that's one of the options he could look at |
|
I want to get cve like this. A cve has been given in your previous products for such clarity. Can you help me? Thanks. |
|
stop alert
…On Wed, Dec 21, 2022 at 1:47 AM Sinem Şahin ***@***.***> wrote:
@vbezruchkin <https://github.com/vbezruchkin>
—
Reply to this email directly, view it on GitHub
<#895 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF3MRRIWQKRETKRDLTE3JR3WOHWMFANCNFSM6AAAAAARAIMDKI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Cross Site Scripting (XSS) in the fiekd tooltip section of the members add page.
version: 4.2.1
To Reproduce
Steps to reproduce the behavior:
Go to 'CMS Field Add page'
Insert into a XSS payload in tooltip section
And XSS save
Go to 'Members add page'
xss payload works automatically
The text was updated successfully, but these errors were encountered: