oss-sec mailing list archives
Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before
From: Pramod Rana <varchashva () gmail com>
Date: Tue, 30 Apr 2019 16:11:25 +0530
Description - OpenCMS v10.5.4 and before is vulnerable to cross site scripting in New User module for parameter First Name and Last Name - Impacted URL is http:// [your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp - Payload used is "TestXSS<img+src=x+onmouseover=alert(document.domain)" Further details - https://github.com/alkacon/opencms-core/issues/635 Already requested for CVE, yet to receive it.
Current thread:
- Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before Pramod Rana (Apr 30)