Open
Description
We have identified a critical security issue on our website: a Stored XSS (Cross-Site Scripting) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access to sensitive information, unauthorized actions on the website, or complete control over users' browsers.
Function /admin: System, Utility event, , content, marketing, member, merchandise
- When you add or edit some content to
`<img src=x onerror=alert(1)>`
it will pop up an alert box -> we can use that to do everything that JavaScript can do (steal the admin's cookie, redirect to other websites, ...)
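The report describes stored content being rendered back as markup. As an added example (not code from this project; the function names and the sample record are assumptions made here), the JavaScript below contrasts emitting a stored field as-is with encoding it at output time, using the value from the report as the stored content.

```javascript
// Added illustration; renderRowUnsafe, renderRowSafe and SAMPLE_RECORD are hypothetical names.

// Constructed sample record: the body is the value quoted in the report.
const SAMPLE_RECORD = {
  title: 'Spring "sale"',
  body: '<img src=x onerror=alert(1)>',
};

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode a value for use in an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields are concatenated into the page unchanged,
// so the browser parses whatever was saved as part of the document.
function renderRowUnsafe(record) {
  return '<td title="' + record.title + '">' + record.body + '</td>';
}

// Hardened pattern: every stored field is encoded when it is written out,
// so it is displayed as text instead of being parsed as markup.
function renderRowSafe(record) {
  return '<td title="' + escapeHtml(record.title) + '">' +
    escapeHtml(record.body) + '</td>';
}

// List the element names that open in a fragment. The template itself only
// writes <td>, so any other name came from stored data.
function elementNames(html) {
  return Array.from(html.matchAll(/<([a-z][a-z0-9]*)/gi), (m) => m[1].toLowerCase());
}

console.log('unsafe:', renderRowUnsafe(SAMPLE_RECORD), elementNames(renderRowUnsafe(SAMPLE_RECORD)));
console.log('safe:  ', renderRowSafe(SAMPLE_RECORD), elementNames(renderRowSafe(SAMPLE_RECORD)));
```

The same encoding has to be applied in every admin view that displays stored fields, since the report lists several affected functions.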