Search found 2 matches
- Mon Jan 12, 2015 9:03 pm
- Forum: 0.6.X beta support
- Topic: Security Vulnerabilities
- Replies: 10
- Views: 34882
Re: Security Vulnerabilities
The inputs will need to be properly sanitized to remove possibly malicious data being given to the application. Lines 12 and 13 of index.php need to be filtered and limited to just text to stop the XSS attack. (More information on XSS attacks is available here: https://www.owasp.org/index.php/Cross-...
- Tue Jan 06, 2015 10:06 pm
- Forum: 0.6.X beta support
- Topic: Security Vulnerabilities
- Replies: 10
- Views: 34882
Security Vulnerabilities
To continue upon what igorkov found and mentioned in this post, http://wondercms.com/forum/viewtopic.php?f=20&t=620 , I've found another security vulnerability in WonderCMS. The 404 page/page created page is vulnerable to XSS injection. Proof of Concept: http://wondercms.com/%3Cscript%3Ealert%28...