[Suggested description]
There is a stored XSS vulnerability in the backend /admin/contentTemp module of DoraCMS. When any user visits the index.html or 404.html page, the injected JS executes and triggers a pop-up.
[Vulnerability Type]
Stored XSS vulnerability
[Vendor of Product]
https://github.com/doramart/DoraCMS
[Affected Product Code Base]
DoraCMS v2.1.8
[Attack Type]
Remote
[Impact Code execution]
true
[Vulnerability proof]
Step 1: log in to DoraCMS and visit the admin/contentTemp page at http://127.0.0.1:8080/admin/contentTemp. As the figure below shows, the templates edited here are pages that users visit frequently, such as 404.html and index.html.
Step 2: enter the JS code <script>alert(1)</script> in the template, as shown in the following figure.
Step 3: after saving the change, visit 404.html and index.html; the JS code executes and the pop-up window appears.
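Because site templates are rendered into every visitor's page, any script an editor saves there runs in every visitor's browser. The following is an added example by the editor (not DoraCMS code) of a pre-save audit check that flags script-bearing markup in a template body so the change can be blocked or reviewed; it assumes the template text is available as a string before it is persisted, and the check is a heuristic, not a full HTML parser.

```javascript
// Added example, not part of DoraCMS: heuristic audit of CMS template content
// before it is saved. Each pattern names a construct that executes script
// when the template is rendered for site visitors.
const PATTERNS = [
  { name: 'script-tag',     re: /<\s*script\b/gi },                 // also "< script >"
  { name: 'event-handler',  re: /\son[a-z]+\s*=/gi },               // onload=, onerror=, ...
  { name: 'javascript-url', re: /(href|src|action)\s*=\s*["']?\s*javascript:/gi },
  { name: 'iframe-srcdoc',  re: /<\s*iframe\b[^>]*\bsrcdoc\s*=/gi },
];

// Scan a template body and return findings sorted by position:
// [{ name, index, snippet }, ...]. An empty array means nothing was flagged.
function auditTemplate(body) {
  const findings = [];
  for (const { name, re } of PATTERNS) {
    re.lastIndex = 0; // global regexes keep state between calls; reset it
    let m;
    while ((m = re.exec(body)) !== null) {
      findings.push({ name, index: m.index, snippet: body.slice(m.index, m.index + 40) });
    }
  }
  return findings.sort((a, b) => a.index - b.index);
}

// Decision helper for a save handler: true when the template should be
// rejected (or routed to a second reviewer) rather than published.
function shouldBlockTemplate(body) {
  return auditTemplate(body).length > 0;
}

// Constructed sample templates (hypothetical; not taken from DoraCMS).
const CLEAN_404 = '<html><body><h1>404 - Page not found</h1><a href="/">Home</a></body></html>';
const TAMPERED_404 = '<html><body><h1>404</h1><script>alert(1)</script></body></html>';
const TAMPERED_INDEX = '<html><body><img src="x" onerror="alert(1)"></body></html>';

// Stand-alone usage: print the audit result for each sample.
for (const [label, body] of [['clean', CLEAN_404], ['tampered-404', TAMPERED_404], ['tampered-index', TAMPERED_INDEX]]) {
  console.log(label, shouldBlockTemplate(body) ? 'BLOCK' : 'ok', auditTemplate(body));
}

module.exports = { auditTemplate, shouldBlockTemplate, CLEAN_404, TAMPERED_404, TAMPERED_INDEX };
```

The check complements, rather than replaces, restricting template editing to a small set of trusted administrators and logging every template change.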