Wolf CMS new Persistent XSS

Wolfcms 0.75 (and lower) is prone to  a persistent XSS vulnerability due to an improper input sanitization of  “setting[admin_email]” parameter, passed to server side logic (path: “wolfcms/admin/setting”) via http POST method.
Exploiting this vulnerability an authenticated admin could insert arbitrary code in “Site email” field which will be executed  when another admin clicks on “Administrator” tab.

To view my Original Advisory:
Wolfcms 0.75 new Pesistent XSS

Other related publications:
Security Focus


Leave a Reply

Your email address will not be published. Required fields are marked *