[BUG] Found Xss Stored vuln in Administration page #271
Comments
Indeed no page of the admin panel is protected against XSS, it should be but we felt that if you have access to the admin panel you are someone you can trust
For the cookies, if you have access to the file you can also do anything with cookies and customer information
I just successfully hijacked a customer Dashboard but if you think it's normal letting this kind of vulnerability this is your choice.
It's not really a choice, but yes it would be nice to take 2-3 hours to make the necessary changes
We will add protection for the XSS on panel admin in no time :p
It's good
Describe the bug
Editing members from the admin panel allows us to use a stored XSS vulnerability.
To Reproduce
Steps to reproduce the behavior:
1. Go to Membres -> Edit any
2. Set the user name to <script>alert("XSS");</script>
3. Then save
It allows us to use a stored XSS vulnerability, which would allow us to steal visitors' cookies and other fun facts.
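One way to close the hole reported in this issue, shown as an added example that is not the project's own code: encode the stored user name at output time in both places the admin panel would render it (the members table and the edit form), and mark the session cookie HttpOnly so page scripts cannot read it. The function names, the `username` field name and the `session` cookie name are hypothetical; the sample value is the one from the reproduction steps.

```python
import html
from http.cookies import SimpleCookie

# Sample input: the user name from the reproduction steps, exactly as stored.
STORED_NAME = '<script>alert("XSS");</script>'


def render_member_row_unsafe(name: str) -> str:
    """'Before' form: the stored value is concatenated into the page as-is."""
    return f"<tr><td>{name}</td></tr>"


def render_member_row(name: str) -> str:
    """Element-content context: escape &, <, > and quotes when writing HTML."""
    return f"<tr><td>{html.escape(name, quote=True)}</td></tr>"


def render_edit_input(name: str) -> str:
    """Attribute context: the value is always double-quoted and quote-escaped.

    The field name 'username' is a hypothetical placeholder.
    """
    safe = html.escape(name, quote=True)
    return f'<input type="text" name="username" value="{safe}">'


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for a session cookie that scripts cannot read.

    HttpOnly limits what an injected script can take; it does not replace
    the output encoding above.
    """
    cookie = SimpleCookie()
    cookie["session"] = session_id          # hypothetical cookie name
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    print(render_member_row_unsafe(STORED_NAME))
    print(render_member_row(STORED_NAME))
    print(render_edit_input(STORED_NAME))
    print(session_cookie_header("constructed-session-id"))
```

Escaping on output rather than on save keeps the stored value intact and protects every page that renders it, including pages outside the admin panel that show member names to visitors.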