Cross-site Scripting (XSS) - Stored in forkcms/forkcms
Oct 25th 2021
Proof of Concept
- I downloaded this module, unzipped it and adjusted the description path of the file:
```xml
<description> <![CDATA[ The banners module. <script>alert(4);</script> ]]> </description>
```
After adjusting the info.xml file, pack all files back into a zip file and upload it as a new module.
After upload, visit the Details page of this module.
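The Details page displays the `<description>` text taken from the uploaded module's info.xml. The sketch below is an added example, not Fork CMS code and not part of the original report; the function names and the `<module>` root element of the constructed sample are assumptions. It shows the same description rendered without and with output encoding.

```php
<?php
// Added example, not Fork CMS code. All function names are hypothetical.

// Constructed sample modelled on the info.xml from the report above.
$infoXml = <<<'XML'
<module>
  <name>banners</name>
  <description><![CDATA[ The banners module. <script>alert(4);</script> ]]></description>
</module>
XML;

/** Read the description text from an uploaded module's info.xml. */
function readModuleDescription(string $xml): string
{
    // LIBXML_NONET forbids network access while parsing untrusted XML;
    // LIBXML_NOCDATA merges the CDATA section into ordinary text.
    $doc = simplexml_load_string($xml, SimpleXMLElement::class, LIBXML_NONET | LIBXML_NOCDATA);
    if ($doc === false) {
        throw new InvalidArgumentException('info.xml is not well-formed');
    }
    return trim((string) $doc->description);
}

/** Unsafe: the stored description is emitted as markup. */
function renderDescriptionUnsafe(string $description): string
{
    return '<p>' . $description . '</p>';
}

/** Hardened: the stored description is HTML-encoded at output time. */
function renderDescriptionSafe(string $description): string
{
    return '<p>' . htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$description = readModuleDescription($infoXml);
echo renderDescriptionUnsafe($description), PHP_EOL; // <script> element reaches the browser intact
echo renderDescriptionSafe($description), PHP_EOL;   // &lt;script&gt;... is displayed as text
```

Encoding at output time covers every field read from info.xml, so the same helper applies to any other module metadata shown on the page.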