Stored Cross-Site Scripting in Craft CMS
May 19, 2023, 7:53 p.m. | Evan Grant
Tenable Research Advisories www.tenable.com
A researcher at Tenable discovered a post-authentication stored cross-site scripting (XSS) vulnerability in Craft CMS core.
When creating a new field, it is possible to inject HTML, including script tags, and thereby store an XSS payload that is executed when users access the “Categories” and “Entries” pages.
Proof of Concept:
1. Create a new field with a name such as
2. Create a new category or section and add the field created in step …