Cross-site Scripting (XSS) - Stored in kunstmaan/kunstmaanbundlescms
Valid
Reported on
Nov 20th 2021
Description
In kunstmaan/kunstmaanbundlescms, the slug field of the menu form is vulnerable to stored cross-site scripting.
Proof of Concept
Log in to the demo page.
Go to Pages and open any page.
Go to Menu, place the payload in the slug field and save; it will trigger.
Payload: "><iMg SrC="x" oNeRRor="alert(1);">
Impact
This vulnerability can be used to steal the user's session.
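The pattern behind this report, as an added example (not code from KunstmaanBundlesCMS and not the fix in commit b58d64): a stored slug written into an HTML attribute without encoding, beside output encoding and allow-list validation. It assumes the slug is rendered into an attribute value, which the payload's leading `">` suggests; the function names and the slug character policy are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not KunstmaanBundlesCMS code.

// Vulnerable pattern: the stored slug is concatenated into an attribute value as-is.
function renderSlugInputUnsafe(string $slug): string
{
    return '<input type="text" name="slug" value="' . $slug . '">';
}

// Output encoding: quotes and angle brackets become entities, so the value
// cannot close the attribute or open a new tag.
function renderSlugInputSafe(string $slug): string
{
    $escaped = htmlspecialchars($slug, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="slug" value="' . $escaped . '">';
}

// Input validation before storage: allow-list of slug characters (assumed policy:
// lowercase letters, digits and hyphens, with "/" separating segments).
function isValidSlug(string $slug): bool
{
    return preg_match('#\A[a-z0-9]+(?:-[a-z0-9]+)*(?:/[a-z0-9]+(?:-[a-z0-9]+)*)*\z#', $slug) === 1;
}

// Constructed sample values: the payload from this report and an ordinary slug.
$samples = ['"><iMg SrC="x" oNeRRor="alert(1);">', 'news/latest-post'];

foreach ($samples as $slug) {
    echo 'slug:    ', $slug, PHP_EOL;
    echo 'valid:   ', isValidSlug($slug) ? 'yes' : 'no (reject before saving)', PHP_EOL;
    echo 'unsafe:  ', renderSlugInputUnsafe($slug), PHP_EOL;
    echo 'escaped: ', renderSlugInputSafe($slug), PHP_EOL, PHP_EOL;
}
```

Validation on save and encoding on output are complementary: encoding still protects values that were stored before the validation rule existed.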
Occurrences
We are processing your report and will contact the kunstmaan/kunstmaanbundlescms team within 24 hours.
a year ago
We have contacted a member of the kunstmaan/kunstmaanbundlescms team and are waiting to hear back
a year ago
A kunstmaan/kunstmaanbundlescms maintainer marked this as fixed in 6.1.0 with commit b58d64
a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
NodeTranslation.php#L221L274 has been validated