chivato

Results 5 issues of chivato

### Summary

An authenticated user can use a path traversal attack (`../`) in the site settings page to include and run PHP files that exist outside of the webroot.

###...

A reflected XSS vulnerability exists in /hashtag/hashtag.php here (lines 19-21):

```
| Wallstant
```

An example URL to exploit said reflected XSS would be:

- http://localhost/hashtag/hashtag.php?tag=%3C/title%3E%3Cscript%3Ealert();%3C/script%3E

![Screenshot from 2020-10-03 21-20-59](https://user-images.githubusercontent.com/61525295/95001058-5ac95080-05be-11eb-90aa-6288985a7eb3.png)...

# Summary

In the latest version of SiberianCMS, there is a massive lack of AntiCSRF tokens on the system administration site. Due to this, a malicious attacker can formulate a...

bug

Add more years