This repository has been archived by the owner on Sep 18, 2024. It is now read-only.

There is a XSS vulnerability that can execute javascript #798

Open
coalzhao opened this issue Aug 9, 2018 · 1 comment


coalzhao commented Aug 9, 2018

Found in your demo site.
https://demo.gleezcms.org/media/imagecache/resize/20x20//
Visit this address with Firefox browser and it shows a forbidden page

Then insert the payload

<script>alert(1)</script>

Then you can see this page alert 1 at once.


Obviously, some js code can be executed.
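
The behaviour reported above is consistent with a forbidden page that writes the requested path into its HTML without output encoding. The following is an added example, not part of the original issue and not code from Gleez CMS: the function names, the page markup and the response headers are assumptions chosen to show the unencoded form next to a hardened one.

```php
<?php
declare(strict_types=1);

// Hypothetical renderers for a 403 page that echoes the requested path.
// Neither function is taken from Gleez CMS; they model the reported behaviour.

/** Vulnerable form: the path is concatenated into the HTML as-is. */
function render_forbidden_unsafe(string $path): string
{
    return "<h1>403 Forbidden</h1>\n<p>Access to " . $path . " is denied.</p>";
}

/** Hardened form: the path is encoded for an HTML text context. */
function render_forbidden_safe(string $path): string
{
    $encoded = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h1>403 Forbidden</h1>\n<p>Access to " . $encoded . " is denied.</p>";
}

/** Defence in depth: headers an error response can carry (assumed policy). */
function forbidden_headers(): array
{
    return [
        'Content-Type'            => 'text/html; charset=UTF-8',
        'X-Content-Type-Options'  => 'nosniff',
        // An error page needs no scripts, so none are allowed to run.
        'Content-Security-Policy' => "default-src 'none'; style-src 'self'",
    ];
}

// Constructed request path: the URL path from the report with its payload appended.
$path = '/media/imagecache/resize/20x20//<script>alert(1)</script>';

$unsafe = render_forbidden_unsafe($path);
$safe   = render_forbidden_safe($path);

// Regression check: a raw <script> tag must not survive into the response body.
echo 'unsafe body contains raw tag: ',
    var_export(strpos($unsafe, '<script>') !== false, true), "\n";
echo 'safe body contains raw tag:   ',
    var_export(strpos($safe, '<script>') !== false, true), "\n";

foreach (forbidden_headers() as $name => $value) {
    echo $name, ': ', $value, "\n";
}
echo "\n", $safe, "\n";
```
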

@sandeepone
Member

Thank you. I'll look into it
