
Stored XSS in profile page

Open ghost opened this issue 6 years ago • 2 comments

Description: Cross-site scripting (XSS) vulnerability in Gleez CMS allows remote attackers (users) to inject arbitrary JavaScript or HTML via the profile page editor, which will result in a Stored XSS on his public profile.

Vulnerability Type: Stored XSS

Attack Vectors:

  1. Go to your profile page editor https://demo.gleezcms.org/user/edit
  2. Set your home page URL to: http://x.x/<svg onload=alert(document.cookie)>

Now when someone checks your profile page, alert(document.cookie) will be executed.

ghost avatar Jul 18 '18 11:07 ghost

Thank you for pointing this out. We’re looking into an XSS library to be used to clean the data.

Very soon we will update.

On 18-Jul-2018, at 4:35 PM, DrStacheWH [email protected] wrote:

Description: Cross-site scripting (XSS) vulnerability in Gleez CMS allows remote attackers (users) to inject arbitrary JavaScript or HTML via the profile page editor, which will result in a Stored XSS on his public profile.

Vulnerability Type: Stored XSS

Attack Vectors:

  1. Go to your profile page editor https://demo.gleezcms.org/user/edit
  2. Set your home page URL to: http://x.x/

Now when someone checks your profile page, alert(document.cookie) will be executed.


anupriya17 avatar Jul 18 '18 11:07 anupriya17
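
The reply above mentions cleaning the data with an XSS library. As an added example (not Gleez code and not written by anyone in this thread), the PHP below contrasts writing the stored home page URL into the profile verbatim with validating its scheme and HTML-encoding it on output. The function names are hypothetical, and the rendering pattern is an assumption about how a profile link is typically emitted.

```php
<?php
// Added example, not Gleez code. Function names are hypothetical; the first
// sample value is the string from the report, the others are constructed.

/** Vulnerable pattern: the stored value is written into the page verbatim. */
function render_homepage_unsafe(string $url): string
{
    return '<a href="' . $url . '">' . $url . '</a>';
}

/** Accept only absolute http(s) URLs that have a host; null otherwise. */
function validate_homepage(string $url): ?string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/** Hardened pattern: validate the scheme, then encode for HTML on output. */
function render_homepage_safe(string $url): string
{
    $valid = validate_homepage($url);
    if ($valid === null) {
        return ''; // render no link at all for a rejected value
    }
    // ENT_QUOTES encodes both quote styles, so the value cannot leave the
    // href attribute; < and > are encoded, so no element can be opened.
    $escaped = htmlspecialchars($valid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $escaped . '" rel="nofollow noopener">' . $escaped . '</a>';
}

$samples = [
    'http://x.x/<svg onload=alert(document.cookie)>', // value from the report
    'javascript:alert(1)',                            // constructed: non-http scheme
    'https://example.org/about',                      // constructed: benign value
];
foreach ($samples as $s) {
    printf("input : %s\nunsafe: %s\nsafe  : %s\n\n",
        $s, render_homepage_unsafe($s), render_homepage_safe($s));
}
```

The reported value passes the scheme check because it is a syntactically acceptable http URL, so the output encoding is what neutralizes it; the scheme allowlist covers the separate case of a non-http link target.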

Has there been an update regarding this vulnerability? Thanks.

NicoleG25 avatar Dec 26 '19 08:12 NicoleG25