New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple Persistent Cross Site Scripting Vulnerabilities #412
Comments
https://github.com/imsebao/404team/blob/master/radiantcms.md Also disclosed some XSS in this software recently. |
What i have reported is a different one than https://github.com/imsebao/404team/blob/master/radiantcms.md Please go to the settings page. The vulnerabilities that i have found are at different location: http://demo.radiantcms.org/admin/configuration and affects multiple parameters within this page: a. Personal Preferences : Name and Username |
Please share your plans regarding fixing these issues. |
You do realize this is a public bug tracker? You've already made the details public. |
@Sud0-su patches are welcome |
@Sud0-su Was this vulnerability only introduced in v1.1.4? Did it exist in previous versions? |
1. Introduction
Vendor : Radiant
Affected Product : Radiant CMS 1.1.4
Vendor Website : http://radiantcms.org/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
2. Overview
Technical Description:
There are multiple Persistent XSS vulnerabilities in Radiant Content Management System. These vulnerabilities exists due to insufficient filtration/sanitization of user-supplied data.
3. Affected Modules
This affects multiple parameters within:
a. Personal Preferences : Name and Username
b. Configuration : Site Title, Dev Site Domain, Page Parts, and Page Fields
4. Impact
A remote attacker may leverage this issue to execute arbitrary script code in the browser of victim in the context of the affected CMS.
5. Payload
<script>alert('XSS')</script>6. Credit
Suparna Kachroo (@Sud0__su)
The text was updated successfully, but these errors were encountered: