CVE-2022-1163 Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Cross-site Scripting XSS - Stored in GitHub repository mineweb/minewebcms prior to next...

Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Description A malicious actor is able to add new Notification with a malicious payload, and upon the user receives the notification, the malicious payload is being executed. Proof of Concept - 1; Log in with any user, who is able to submit notifications - 2; Create a new notification at...

Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Description A malicious actor is able to add a malicious payload as a new Page Title, and after every time any administrative user visits the /admin/pages route, the XSS payload is executed. Proof of Concept 1;Create a new Page at the following route: /admin/pages/add. Use the following payload a...