Jun 21, 2022
Download Manager <= 3.2.43 — Contributor+ Cross-Site Scripting
Download Manager Cross-Site Scripting
Plugin — 3.2.43 (3.2.43)
Description
Stored Cross-Site Scripting in Download Manager
I want to report this vulnerability, discovered via file upload (authenticated).
When you add XSS JavaScript code to the "url" field and click on it, the code is interpreted.
Code affected:
<input type="url" id="rurl" class="form-control" placeholder="Insert URL" style="margin-right: -1px">
XSS payload used: <x onmouseup=alert(document.cookie);>click this!
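
The type="url" attribute on the field above is only checked by the browser, so the server has to validate the submitted value and escape it again on output. The following is an added example, not code from the Download Manager plugin; the function names are hypothetical and the sample inputs are constructed from the payload quoted in this report.

```php
<?php
// Added example: hypothetical helpers, not code from the Download Manager plugin.

// Accept only absolute http(s) URLs; return null for anything else.
function example_validate_url(string $raw): ?string
{
    $raw = trim($raw);
    // Reject markup, quotes, whitespace and control characters; a URL needs none of them.
    if ($raw === '' || preg_match('/[<>"\'`\x00-\x20\x7f]/', $raw)) {
        return null;
    }
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $raw : null;
}

// Escape at output time as well, so a value stored before validation existed
// is still rendered as inert text instead of markup.
function example_render_link(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="noopener">' . $safe . '</a>';
}

// Constructed inputs: the payload quoted in this report and an ordinary URL.
$samples = [
    '<x onmouseup=alert(document.cookie);>click this!',
    'https://example.com/files/report.pdf',
];

foreach ($samples as $value) {
    $clean = example_validate_url($value);
    if ($clean === null) {
        // Rejected on input; printed escaped only to show the output encoding.
        echo 'rejected: ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . PHP_EOL;
    } else {
        echo 'accepted: ' . example_render_link($clean) . PHP_EOL;
    }
}
```

In WordPress code the built-in counterparts are esc_url_raw() when saving the value and esc_url() or esc_html() when printing it.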