Description
- The application is vulnerable to stored cross-site scripting (XSS)
- The vulnerability is in the "Menu Editor" page
- The vulnerable parameters are "Name" and "Slug"
Stored XSS in "Menu Editor"
Steps to Reproduce:
- Log in as admin or author
- Browse to "Menu Editor"
- In the "Name" field, enter the payload "><img src=x onerror=alert(1)>
- In the "Slug" field, enter the payload "><img src=x onerror=alert(1)>
- Click "Save Edit" > "Save Menu"
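
The fix for both fields, as an added example that is not the affected application's code: encode stored values at output and accept only an allowlisted slug shape at save time. It assumes the "Name" and "Slug" values are written back into quoted HTML attributes, which the leading "> of the payload suggests; every function name and the form markup are hypothetical.

```javascript
// Added example. All names and the form markup are assumptions for
// illustration; this is not the affected application's code.

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Slugs become part of URLs, so accept only an allowlisted shape at save time.
function validateSlug(value) {
  const slug = String(value);
  if (slug.length > 64 || !/^[a-z0-9]+(?:-[a-z0-9]+)*$/.test(slug)) {
    throw new Error('invalid slug');
  }
  return slug;
}

// Before: stored values are concatenated into a quoted attribute unchanged.
function renderMenuRowUnsafe(item) {
  return '<input name="name" value="' + item.name + '">' +
         '<input name="slug" value="' + item.slug + '">';
}

// After: every stored value is encoded at output, including rows that were
// saved before validation existed.
function renderMenuRow(item) {
  return '<input name="name" value="' + escapeHtml(item.name) + '">' +
         '<input name="slug" value="' + escapeHtml(item.slug) + '">';
}

// True when the rendered markup contains an element other than <input>.
function hasInjectedElement(html) {
  return /<(?!input\b)[a-z]/i.test(html);
}

// Constructed sample: the payload from the reproduction steps, already stored.
const payload = '"><img src=x onerror=alert(1)>';
const stored = { name: payload, slug: payload };

console.log('unsafe render injects element:', hasInjectedElement(renderMenuRowUnsafe(stored)));
console.log('encoded render injects element:', hasInjectedElement(renderMenuRow(stored)));
```

Encoding at output is what closes the stored XSS; the slug check is a second layer that keeps markup out of the database in the first place.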