Self XSS in "Content Types / Add Content Type" in instantsoft/icms2
Valid
Reported on Aug 8th 2023
Description
Add the payload to the System name field:
<img src=x onerror=alert(window.origin)>
Proof of Concept
https://drive.google.com/file/d/1xJ24a3HveP4d_pKXF5zmtsNIa2-wweoA/view?usp=sharing
Impact
An attacker could perform unauthorized actions in the context of the victim's browser.
We are processing your report and will contact the instantsoft/icms2 team within 24 hours.
a month ago
Chiencp modified the report
a month ago
We have contacted a member of the instantsoft/icms2 team and are waiting to hear back
a month ago
It does not provide a threat. But thanks anyway, we'll fix it!
Chiencp has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
The fix bounty has been dropped
This vulnerability will not receive a CVE