CVE-2022-46058: CVE/add_post_post_content.md at master · rdyx0/CVE

AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.


add_post_post_content


Steps to Reproduce

  • Log in to the admin panel -> Posts -> Add Posts -> Post Content -> inject the payload `<img/src/onerror=prompt(1)>` -> the XSS triggers when the Publish Post button is clicked

Exploit

Bypassing the escaping requires submitting the request through Burp Suite.

Click View Post for the new submission.
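As an added illustration, not code from AeroCMS, the rendering pattern behind a stored XSS of this kind next to the output-encoding fix, exercised with the payload from the steps above. The function names and the assumption that stored post content is interpolated straight into the page are hypothetical.

```php
<?php
// Added example, not taken from AeroCMS: a minimal stand-in for a CMS
// post-rendering path. The real add_post.php is not reproduced here.

// Vulnerable pattern: stored content is interpolated into HTML as-is,
// so a value like <img/src/onerror=prompt(1)> becomes live markup.
function render_post_unsafe(string $title, string $content): string
{
    return "<article><h2>$title</h2><div>$content</div></article>";
}

// Hardened pattern: encode at the point of output for the HTML-body
// context. ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE avoids
// returning an empty string on invalid UTF-8.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_post_safe(string $title, string $content): string
{
    return '<article><h2>' . h($title) . '</h2><div>' . h($content) . '</div></article>';
}

// Returns true when the rendered HTML no longer contains the raw
// payload, i.e. the browser will see text, not an <img> element.
function is_neutralised(string $html, string $payload): bool
{
    return strpos($html, $payload) === false;
}

// Constructed sample: the payload quoted in the advisory, as an author
// would type it into the Post Content field.
$payload = '<img/src/onerror=prompt(1)>';

$unsafe = render_post_unsafe('Hello', $payload);
$safe   = render_post_safe('Hello', $payload);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
echo 'unsafe neutralised: ', var_export(is_neutralised($unsafe, $payload), true), PHP_EOL;
echo 'safe neutralised:   ', var_export(is_neutralised($safe, $payload), true), PHP_EOL;

// If post content is meant to carry rich HTML, encoding is the wrong
// tool: run it through an allowlist sanitizer instead, and still encode
// every other field. Escaping on input alone is not a substitute for
// encoding on output.
```

The check is deliberately on the output string, since a stored XSS is decided by what reaches the browser, not by what was filtered on the way in.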
