Cross-site Scripting (XSS) - Generic in forkcms/forkcms
Valid
Reported on Sep 13th 2020
Description
ForkCMS is an easy-to-use open source CMS using Symfony Components. This package is vulnerable to Stored Cross-Site Scripting (XSS).
https://github.com/forkcms/forkcms
Steps To Reproduce:
- install https://github.com/forkcms/forkcms locally, or use the demo at https://demo.fork-cms.com/private/
- log in as admin
- in settings, the Translation function can be misused to run JavaScript payloads by importing a crafted XML file
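
The import path described in the steps above, seen from the defending side, as an added example that is not taken from Fork CMS's code or from the report: it flags imported translation values that contain markup and HTML-encodes every stored value at output. The XML element names, the sample file, `parseTranslations` and `renderLabel` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample import file. The element and attribute names are
// assumptions for this example, not Fork CMS's actual translation schema.
const SAMPLE_XML = <<<'XML'
<locale>
  <item name="Save"><translation language="en">Save</translation></item>
  <item name="Hello"><translation language="en"><![CDATA[<script>alert(1)</script>]]></translation></item>
</locale>
XML;

/**
 * Parse an uploaded translation file.
 * Returns ['values' => [name => text], 'flagged' => [names containing markup]].
 */
function parseTranslations(string $xml): array
{
    libxml_use_internal_errors(true); // collect parse errors instead of emitting warnings
    // LIBXML_NONET: no network fetches while parsing; entity substitution is left off.
    $doc = simplexml_load_string($xml, SimpleXMLElement::class, LIBXML_NONET | LIBXML_NOCDATA);
    if ($doc === false) {
        throw new InvalidArgumentException('Malformed translation XML');
    }
    $values = [];
    $flagged = [];
    foreach ($doc->item as $item) {
        $name = (string) $item['name'];
        $value = (string) $item->translation;
        $values[$name] = $value;
        // Labels are treated as plain text here, so tag-like content is suspicious.
        if ($value !== strip_tags($value)) {
            $flagged[] = $name;
        }
    }
    return ['values' => $values, 'flagged' => $flagged];
}

/** Encode a stored translation for an HTML text or quoted-attribute context. */
function renderLabel(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$result = parseTranslations(SAMPLE_XML);
foreach ($result['values'] as $name => $value) {
    $mark = in_array($name, $result['flagged'], true) ? 'FLAGGED' : 'ok';
    printf("%-6s %-8s %s\n", $name, $mark, renderLabel($value));
}
```

Flagging at import is a review aid only; encoding at output is what keeps a stored value from being interpreted as markup.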
POC