Cross-site Scripting (XSS) - Stored in forkcms/forkcms
Apr 19th 2021
forkcms is vulnerable to XSS through search request. It is possible to set the HTTP referer header to
🕵️♂️ Proof of Concept
Execute the following command (localhost):
With an authenticated user, access
PoC image: https://i.imgur.com/EIMofDE.png
The attackers can execute arbitrary JS code.