Created January 10, 2018 15:15
Website Baker XSS
Stored Cross Site Scripting (XSS)
Website Baker CMS

Multiple stored (persistent) Cross-Site Scripting (XSS) vulnerabilities
in the files /wb/admin/admintools/tool.php (Droplet Description) and
/install/index.php (Site Title) in WebsiteBaker 2.10.0 allow
attackers to insert persistent JavaScript code that gets reflected
back to users in multiple areas in the application.

The vendor was informed about the vulnerabilities but has not fixed them, and has likewise left already known vulnerabilities unfixed.

Affected Product Code Base
Website Baker - 2.10.0

Affected Components:
/wb/admin/admintools/tool.php
/install/index.php

Attackers are able to insert persistent JavaScript code into the
application by abusing unfiltered form fields.

Sample Payload:
<script>alert(document.location)</script>

Assigned CVE:
CVE-2017-16514
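
The following is an added example, not part of the original advisory and not WebsiteBaker's own code: it shows the unencoded output pattern that makes a stored field exploitable beside output encoding, using the advisory's sample payload as the stored value. The array keys and function names are hypothetical and do not reflect WebsiteBaker's schema or API.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the two stored fields named in the advisory.
// Keys are hypothetical; the value is the advisory's sample payload.
$stored = [
    'site_title'          => '<script>alert(document.location)</script>',
    'droplet_description' => '<script>alert(document.location)</script>',
];

// Vulnerable pattern: the stored value is concatenated into the page
// unchanged, so the browser parses it as markup on every view.
function render_unsafe(string $value): string
{
    return '<td>' . $value . '</td>';
}

// Output encoding for HTML text and quoted attribute contexts.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: encode at the point of output, in both contexts used.
function render_safe(string $value): string
{
    return '<td title="' . h($value) . '">' . h($value) . '</td>';
}

foreach ($stored as $field => $value) {
    $unsafe = render_unsafe($value);
    $safe   = render_safe($value);

    // Regression check: encoded output must not contain a live script tag.
    if (stripos($safe, '<script') !== false) {
        throw new RuntimeException("unencoded markup in $field");
    }
    printf("%s\n  unsafe: %s\n  safe:   %s\n", $field, $unsafe, $safe);
}
```

Encoding at output time protects every page that displays the field, including values that were stored before any input filtering was added.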