> [Additional Information]
> Steps for reproduction:
> 1. Navigate to System and then move to Language section.
>
> 2. Select the language to "Italiano"
>
> 3. Click on "save changes" and intercept the POST request for the same.
>
> 4. Replace the selected "language" parameter with payload <img src=/ onerror=alert(1)>
>
> [Additional Information]
> Steps for reproduction:
> 1. Navigate to Files "http://localhost/FrogCms/admin/?/plugin/file_manager/browse//" section.
>
> 2. Click on Create New "File" Or "Directory"
>
> 3. Keep the file name as a malicious payload e.g. <script>alert(1)</script>
>
> 4. Click "OK" to save and create new file or directory
>
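
A defensive counterpart to the two reports above, added here as an example; it is not part of the original reports and is not Frog CMS source. It shows allowlist validation of the submitted `language` value, validation of a new file or directory name, and HTML encoding at output time. All function names, the constant and the language list are hypothetical.

```php
<?php
// Added illustration; not Frog CMS source. All names here are hypothetical.

// Languages the settings form is allowed to store (constructed sample list).
const ALLOWED_LANGUAGES = ['en' => 'English', 'it' => 'Italiano', 'de' => 'Deutsch'];

// Accept a submitted "language" value only if it is a known key.
function validate_language(string $submitted, string $fallback = 'en'): string
{
    return array_key_exists($submitted, ALLOWED_LANGUAGES) ? $submitted : $fallback;
}

// Accept a new file or directory name only if it uses a conservative character set.
function validate_entry_name(string $name): ?string
{
    $name = trim($name);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9._-]{1,255}\z/', $name) === 1 ? $name : null;
}

// Encode any stored value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs mirroring the two reports above.
$language = validate_language('<img src=/ onerror=alert(1)>');   // falls back to "en"
$newName  = validate_entry_name('<script>alert(1)</script>');     // rejected: null

// A name stored before validation existed must still be encoded when it is listed.
$legacyName = '<script>alert(1)</script>';

echo '<option value="' . h($language) . '" selected>' . h(ALLOWED_LANGUAGES[$language]) . "</option>\n";
echo $newName === null ? "<p>Invalid name</p>\n" : '<li>' . h($newName) . "</li>\n";
echo '<li>' . h($legacyName) . "</li>\n";
```

Input validation narrows what can be stored, but the encoding in `h()` is what keeps a stored value from being parsed as markup, so it is applied on every output path regardless of how the value was saved.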