Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin

Valid

Reported on

Sep 15th 2021


Description

Stored XSS

Proof of Concept

Please check this 1-minute video to reproduce the bug: https://drive.google.com/file/d/1hyN4X9gIgQJH2B5QEFhkniGt78sIw1iF/view?usp=sharing

Impact

XSS allows arbitrary JavaScript code execution.

We have contacted a member of the zoujingli/thinkadmin team and are waiting to hear back 8 days ago
邹景立 (Maintainer), 8 days ago

The CKEditor has removed the on event.

邹景立 validated this vulnerability 8 days ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
邹景立 confirmed that a fix has been merged on 94b9b6 8 days ago
邹景立 has been awarded the fix bounty
邹景立 (Maintainer), 8 days ago

Just update the configuration file of ckeditor.

邹景立 (Maintainer), 8 days ago

https://github.com/zoujingli/ThinkAdmin/blob/v6/public/static/plugs/ckeditor/config.js#L17