XSS vulnerability
3as0n opened this issue · 1 comments
3as0n commented
https://github.com/symphonycms/symphonycms/blob/master/symphony/content/content.blueprintsevents.php
$about = General::array_map_recursive('stripslashes', $existing->about());
....
....
....
$this->appendSubheading(($isEditing ? $about['name'] : __('Untitled')))
....
....
....
public function appendSubheading($value, $actions = null)
{
if (!is_array($actions) && $actions) { // Backward compatibility
$actions = array($actions);
}
if (!empty($actions)) {
foreach ($actions as $a) {
$this->insertAction($a);
}
}
$this->Breadcrumbs->appendChild(new XMLElement('h2', $value, array('role' => 'heading', 'id' => 'symphony-subheading')));
}
Here data from $_POST to HTML allows attacker to trigger an XSS with payload llike fields['name']=a<script>alert(1)</script>
3as0n commented