You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found a XSS in the configuration section. The fields affected are: Site Name, Site Domain and Dev Site Domain.
PoC:
You only need to go to settings page and edit the fields commented with a XSS code like ">< img src='' onerror=alert(23); >. When you go after this to settings page you can see the alert injected.
Regards.
The text was updated successfully, but these errors were encountered:
Hi,
I found a XSS in the configuration section. The fields affected are: Site Name, Site Domain and Dev Site Domain.
PoC:
You only need to go to settings page and edit the fields commented with a XSS code like ">< img src='' onerror=alert(23); >. When you go after this to settings page you can see the alert injected.
Regards.
The text was updated successfully, but these errors were encountered: