Details
-
Bug
-
Resolution: Fixed
-
Highest
-
4.2.6, 4.3
-
None
-
6
-
Description
There is an persistent xss vector in the 'move' page action on a page, where the javascript/html payload is included in the name of the page.
Steps to reproduce:
1.create a page named: "''/><video onerror=alert(234234) src=xxx>'kasdfjas'dfasdf
2. (on the page) click on the "move" option under the tools drop-down menu
3. see an alert box with the number 234234 in it.