A stored XSS vulnerability in "/account/details.php" of WebsiteBaker 2.10.0
Description: WebsiteBaker 2.10.0 has a stored XSS vulnerability in "/account/details.php".

Details: More details will be released after it is fixed (90 days after being fixed).

Credit: This bug was discovered by ADLab of VenusTech.

Details (public):
-------------------------------------------------------------------------------------------------------------
In "/account/details.php", line 22 has a variable named $display_name which can be controlled from the browser side. Line 47 writes $display_name to the database with escapeString. After checking the HTML, we found that $display_name can bypass escapeString.

POC:
URL: http://localhost/websitebaker/account/preferences.php
POST: action=details&display_name=233" onfocus="alert(/xss/)" autofocus="123
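
Why SQL escaping alone does not help here, as an added PHP example that is not WebsiteBaker's code: string escaping protects only the query, so the stored value still contains the double quote that closes an HTML attribute when the page is rendered. The input markup, the sql_escape stand-in for escapeString and all function names are assumptions; the fix shown is output encoding with htmlspecialchars.

```php
<?php
// Added example, not WebsiteBaker code. Markup and function names are assumed.

// Constructed input: the display_name value from the POC above.
$input = '233" onfocus="alert(/xss/)" autofocus="123';

// Stand-in for SQL string escaping (assumption: escapeString() behaves like
// mysqli_real_escape_string). It protects the query, nothing else.
function sql_escape(string $v): string
{
    return strtr($v, ["\\" => "\\\\", "'" => "\\'", '"' => '\\"',
                      "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z"]);
}

// The server consumes the backslashes while parsing the literal, so the row
// holds the original bytes, double quotes included.
$sqlLiteral = "'" . sql_escape($input) . "'";
$stored     = $input;

// Vulnerable pattern: stored value concatenated into a quoted attribute.
function render_unsafe(string $name): string
{
    return '<input type="text" name="display_name" value="' . $name . '">';
}

// Fix: encode for the HTML attribute context when writing the page.
function render_safe(string $name): string
{
    $enc = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="display_name" value="' . $enc . '">';
}

// Parse the tag with an HTML parser and list the attributes it ends up with.
function attributes_of(string $html): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

echo "SQL literal: $sqlLiteral\n";
echo "unsafe: ", implode(',', attributes_of(render_unsafe($stored))), "\n";
echo "safe:   ", implode(',', attributes_of(render_safe($stored))), "\n";
```

The unsafe rendering gains attributes that were never in the template, while the encoded rendering keeps the whole value inside the value attribute.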