monstra-cms/monstra

There is a stored XSS vulnerability that can trigger JavaScript code


Hi, I have found a stored XSS vulnerability. It is not the same as issue #427. The trigger is in the page's content section, not the title section.

Steps to replicate:

  1. log into the system as an editor role
  2. create a new page in the blog catalog
  3. navigate to the content section
  4. enter the payload shown below
    <script>alert(document.cookie)</script>
  5. visit http://<your_site>/monstra/blog/<page_name>.php
  6. you will trigger JavaScript execution

Impacts:
Anyone who visits the target page will be affected and trigger the JavaScript code, including administrators, editors, and guests.

Affected Version:
3.0.4

Affected URL:
http://<your_site>/monstra/blog/<page_name>.php
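
For an operator checking an existing installation, here is an added example (not part of the issue and not Monstra code) that audits stored page content for markup that would execute in a visitor's browser. It goes beyond the reported `<script>` case to inline event handlers and script-scheme URLs. The page names and content in `SAMPLE_PAGES` are constructed, and reading content out of Monstra's own storage is left to the operator.

```python
from html.parser import HTMLParser

# Elements that run or embed active content when the page is rendered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}
ACTIVE_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def scheme_is_active(value):
    # URL parsers drop leading control/space characters and embedded tabs and
    # newlines, so remove all of them before comparing (over-approximates,
    # which is acceptable for an audit).
    compact = "".join(ch for ch in (value or "") if ord(ch) > 0x20).lower()
    return compact.startswith(ACTIVE_SCHEMES)


class ActiveContentAuditor(HTMLParser):
    """Records (line, description) for markup that can execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler attributes
                self.findings.append((line, f"event handler {name} on <{tag}>"))
            elif name in URL_ATTRS and scheme_is_active(value):
                self.findings.append((line, f"active URL in {name} on <{tag}>"))


def audit_page_content(html):
    auditor = ActiveContentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample data: page name -> stored content (not real Monstra storage).
SAMPLE_PAGES = {
    "welcome": "<p>Plain <b>text</b> only</p>",
    "reported-case": "<p>Hello</p>\n<script>alert(document.cookie)</script>",
    "inline-handler": '<a href="#" onclick="return false">top</a>',
}

if __name__ == "__main__":
    for name, content in SAMPLE_PAGES.items():
        for line, what in audit_page_content(content):
            print(f"{name}: line {line}: {what}")
```

A finding means the stored content needs review; the lasting fix is to sanitize or encode page content on the server before it is saved or rendered.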