GHSA-3FM2-XFQ7-7778 HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
Summary Stored XSS Leading to Account Takeover Details The Exploit Chain: 1.Upload: The attacker uploads an .html file containing a JavaScript payload. 2.Execution: A logged-in administrator is tricked into visiting the URL of this uploaded file. 3.Token Refresh: The JavaScript payload makes a...