XSS Vulnerability v2.0.1

Question

XSS Vulnerability v2.0.1

zxc7528064 opened this issue 4 years ago · comments

Noth commented 4 years ago

Affected software : livestreet CMS

Version : v.2.0.1

Type of vulnerability : XSS (Cross-Site Scripting)

Author : Noth

Description:
livestreet CMS is susceptible to cross-site scripting attacks, allowing malicious users to inject code into web pages, and other users will be affected when viewing web pages

Step 1 : login system

Step 2 : go to “/LiveStreet_2.0.1/admin/settings/config/main/” page

Step 3 : insert "XSS" test grammar in "Название сайта" and save it.

step 4 : Back to the front desk

Paul · Answer 1 · Sun May 31 2020 21:46:04 GMT+0800 (China Standard Time)

its https://github.com/livestreet/lsplugin-admin

Noth · Answer 2 · Sun May 31 2020 22:02:32 GMT+0800 (China Standard Time)

@Xmk Thanks ~ !

jenokizm · Answer 3 · Sun May 31 2020 23:28:38 GMT+0800 (China Standard Time)

this is inside the admin panel, it is not dangerous, it is stupid that you reported it at all

Noth · Answer 4 · Sun May 31 2020 23:30:39 GMT+0800 (China Standard Time)

@jenokizm This is Stroed XSS