[BUG] Found Xss Stored vuln in Administration page #271
Labels
bug
Something isn't working
Comments
|
Indeed no page of the admin panel is protected against XSS, it should be but we felt that if you have access to the admin panel you are someone you can trust |
|
For the cookies, if you have access to the file you can also do anything with cookies and customer information |
|
I just successfully hijacked a customer Dashboard but if you think it's normal letting this kind of vulnerability this is your choice. |
|
It's not really a choice, but yes it would be nice to take 2-3 hours to make the necessary changes |
|
We will add protection for the XSS on panel admin in no time :p |
|
It's good |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug | Décrivez le bug
Edit members from admin panel allow us using Xss Stored vulnerability
To Reproduce | Pour reproduire le bug
Steps to reproduce the behavior: | Étapes pour reproduire le bug :
Go to Membres -> Edit any
Set the user name to <script>alert("XSS");</script>
Then save
It allow us using Stored Xss vulnerability. Which would allow us stoling visitors cookies and more other fun facts
The text was updated successfully, but these errors were encountered: