5 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the /admin/pictures image field. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwi...
Withdrawn Advisory: AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
Withdrawn Advisory: This advisory has been withdrawn because it does not describe a vulnerability. The maintainer states the following: The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected a...
AlchemyCMS Cross-Site Scripting Vulnerability
Alchemy CMS is an open source content management system (CMS) written in the Rails language. A cross-site scripting vulnerability exists in AlchemyCMS version 4.1.0. A remote attacker can inject arbitrary web script or HTML by sending an image field via the /admin/pictures page...
CVE-2018-18307
A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session...
PT-2018-14397 · Alchemycms · Alchemycms
Name of the Vulnerable Software and Affected Versions: AlchemyCMS version 4.1.0. Description: A Stored XSS issue has been found in AlchemyCMS via the "/admin/pictures" image field. The vendor disputes the validity of this report, stating that the researcher used an authorized cookie to access a...