There is a XSS vulnerability that can execute javascript

Founded in your demo site.
https://demo.gleezcms.org/media/imagecache/resize/20x20//
Visit this address with Firefox browser and it shows a forbidden page 
<img width="1259" alt="image" src="https://user-images.githubusercontent.com/22334888/43886433-4104e2d6-9bee-11e8-8c1a-828d8557db47.png">

Then insert the payload  

<script>alert(1)</script>

then u can see this page alert 1 at once.

<img width="1140" alt="image" src="https://user-images.githubusercontent.com/22334888/43886629-dde2061a-9bee-11e8-9098-d3fd9e18ece9.png">

Obviously, some js code can be executed.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is a XSS vulnerability that can execute javascript #798

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

There is a XSS vulnerability that can execute javascript #798

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions