
XSS Vulnerability v2.0.1

Open zxc7528064 opened this issue 4 years ago • 6 comments

Affected software: LiveStreet CMS

Version: v.2.0.1

Type of vulnerability: XSS (Cross-Site Scripting)

Author: Noth

Description: LiveStreet CMS is susceptible to cross-site scripting attacks, allowing malicious users to inject code into web pages, and other users will be affected when viewing those web pages.

Step 1: Log in to the system.

Step 2: Go to the “/LiveStreet_2.0.1/admin/settings/config/main/” page.

Step 3: Insert "XSS" test grammar in "Название сайта" (Site name) and save it.

Step 4: Go back to the front desk.

zxc7528064 avatar May 31 '20 13:05 zxc7528064
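Added example, not part of the original issue and not LiveStreet's own code: a minimal PHP sketch of the pattern the report describes, where a site-name setting saved once in the admin panel is later rendered on public pages, shown unencoded and then encoded at output. The function names, the sample markup and the stored value are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the stored "Название сайта" (site name) setting.
// The issue does not give the test string used; this value is an assumption.
$storedSiteName = 'My Site</title><script>/* constructed test marker */</script>';

// Vulnerable pattern: the stored value is concatenated into markup as-is.
function renderHeaderUnsafe(string $siteName): string
{
    return "<title>{$siteName}</title>\n"
        . "<a class=\"logo\" title=\"{$siteName}\" href=\"/\">{$siteName}</a>";
}

// Encode for HTML text and quoted-attribute contexts (hypothetical helper).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every use of the setting is encoded at the point of output.
function renderHeaderSafe(string $siteName): string
{
    $name = e($siteName);
    return "<title>{$name}</title>\n"
        . "<a class=\"logo\" title=\"{$name}\" href=\"/\">{$name}</a>";
}

// Second layer applied on save: strip control characters and cap the length.
// The 100-character limit is a hypothetical policy, not a LiveStreet value.
function normalizeSiteName(string $input, int $maxLen = 100): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/u', '', $input) ?? '';
    return mb_substr(trim($clean), 0, $maxLen, 'UTF-8');
}

$unsafe = renderHeaderUnsafe($storedSiteName);
$safe   = renderHeaderSafe(normalizeSiteName($storedSiteName));

// Report whether a live <script> element survives in each rendering.
echo 'unsafe contains <script>: ', var_export(strpos($unsafe, '<script>') !== false, true), PHP_EOL;
echo 'safe contains <script>:   ', var_export(strpos($safe, '<script>') !== false, true), PHP_EOL;
echo $safe, PHP_EOL;
```

Encoding belongs at render time because the same stored value can reach several output contexts; input normalization on save is only a supplementary control.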

This page available only for site admin

lifecom avatar Jun 01 '20 09:06 lifecom

@lifecom Hi ~ I am replying about this security issue to you; I hope you can fix it. This is a Stored XSS!

zxc7528064 avatar Jun 01 '20 11:06 zxc7528064

Thank you for your help. You can make a fork and work with the project as your own.

oleg-demidov avatar Jun 03 '20 04:06 oleg-demidov

@olezhikz Thank you

zxc7528064 avatar Jun 03 '20 06:06 zxc7528064

@olezhikz Can I use this security issue to apply for a CVE ID?
https://cve.mitre.org/

Regards,

zxc7528064 avatar Jul 27 '20 14:07 zxc7528064

@olezhikz

zxc7528064 avatar Aug 02 '20 09:08 zxc7528064