
Cross Site Scripting On Image Upload Via File Name

Open ghost opened this issue 4 years ago • 0 comments

Hi, I found a cross-site scripting vulnerability in Feehi CMS via image upload.

POC:

  1. Go to https://demo.cms.feehi.com/admin/index.php?r=article%2Fupdate&id=postid
  2. Click on the text editor and upload an image with the file name ">.jpg
  3. You get an alert

https://youtu.be/c3j-NZY65fQ

ghost avatar Jul 03 '21 14:07 ghost
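
The class of bug reported above, shown as an added example that is not part of the issue or of Feehi CMS's code: it assumes the upload flow echoes the client-supplied file name into image markup, and contrasts that with escaping at output plus normalising the name on the server. All function names and the sample file name are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helpers, not Feehi CMS code.

// Constructed sample: a file name carrying a quote and benign markup.
const SAMPLE_NAME = '"><i>injected</i>.jpg';

// HTML-escape a value for element content or a quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (assumed): the file name is concatenated into markup,
// so a quote in the name closes the attribute and the rest parses as HTML.
function renderImageUnsafe(url, originalName) {
  return '<img src="' + url + '" alt="' + originalName + '">';
}

// Hardened pattern: every dynamic value is escaped at the point of output.
function renderImageSafe(url, originalName) {
  return '<img src="' + escapeHtml(url) + '" alt="' + escapeHtml(originalName) + '">';
}

// Server-side normalisation: drop any directory part, replace everything
// outside a small allow-list, and accept only known image extensions.
// Returns null when the upload should be rejected.
function normalizeUploadName(originalName) {
  const base = String(originalName).split(/[\\/]/).pop();
  const cleaned = base.replace(/[^A-Za-z0-9._-]/g, '_').replace(/^\.+/, '');
  if (!/^[A-Za-z0-9_-][A-Za-z0-9._-]*\.(jpe?g|png|gif|webp)$/i.test(cleaned)) {
    return null;
  }
  return cleaned.slice(-100); // bound the stored length, keeping the extension
}
```

Normalising the stored name does not replace output escaping: any place that still displays the original name has to escape it.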