Stored XSS in Image Alt. Text

Disclosed: 2015-07-08 18:37:26 By ishahriyar To concretecms
Unknown
Vulnerability Details
XSS payload can be executed and saved permanently in Image Alt. Text. Poc Code: "><b onmouseover=alert('Wufff!')>click me!</b><"
Actions
View on HackerOne
Report Stats
  • Report ID: 50782
  • State: Closed
  • Substate: resolved
  • Upvotes: 1
Share this report