Cross-site Scripting (XSS) - Reflected in kunstmaan/kunstmaanbundlescms
Nov 20th 2021
In kunstmaan / kunstmaanbundlescms ,extra metadata in seo form is vulnerable to reflected cross site scripting.
Proof of Concept
login to the demo account
go to pages -->select any page to edit --> go to SEO --->
Add payload to extra meta data and click save and see the preview an xss alert is triggered.
payload = "><iMg SrC="x" oNeRRor="alert(1);">
This vulnerability is capable of stolen the user cookies.
We are processing your report and will contact the kunstmaan/kunstmaanbundlescms team within 24 hours. a year ago
We have contacted a member of the kunstmaan/kunstmaanbundlescms team and are waiting to hear back a year ago
A kunstmaan/kunstmaanbundlescms maintainer validated this vulnerability a year ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
A kunstmaan/kunstmaanbundlescms maintainer marked this as fixed in 6.1.0 with commit b58d64 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation