cms icon indicating copy to clipboard operation
cms copied to clipboard
verified publisher icon LavaLite

Stored XSS exists in Blog package of Lavalite CMS v8.1.2

Open faisalfs10x opened this issue 4 years ago • 0 comments

PoC 1: Affected endpoint: POST http://localhost/website/public/admin/blog/blog/rA0kxlke49 Field: Title Parameter: title

PoC 2: Affected endpoint: POST http://localhost/website/public/admin/blog/tag/rA0kxlke49 Field: Name Parameter: name

This issue is also reported via huntr.dev https://huntr.dev/bounties/50b2575f-01a2-4202-8d31-aa7f3164fdfb/

faisalfs10x avatar Feb 02 '22 03:02 faisalfs10x