A stored xss vulnerability in "/account/details.php" of WebsiteBaker 2.10.0

WebsiteBaker 2.10.0 has a stored xss  vulnerability in "/account/details.php".

More details will be release after it is fixed( 90 days after being fixed)

This bugs was discovered by ADLab of VenusTech.

In "/account/details.php", 
    Line 22 has a var named $display_name which can be controlled by browser side.   
    Line 47 wirte $display_name to database with escapeString.

After checking the html, we found that $display_name can bypass escapeString.

   URL: http://localhost/websitebaker/account/preferences.php
   POST:action=details&display_name=233" onfocus="alert(/xss/)" autofocus="123


  1. Keep it simple; first, try to abstain from drugs when you learn about your drug test. Work out regularly and incorporate fruits and vegetables into your diet to get detoxification started. Also, avoid fatty foods since the fat-soluble THC will cling to your body.The biggest bother for cannabis consumers is a drug test. On the one hand, cannabinoids such as CBD & Delta-8 THC are legal, and researchers are on a constant quest to study their medicinal properties. But, on the other hand, they will show up on a hair drug test and mark you a druggie! Based on the sample used, five types of hair drug tests are currently in use to detect drug use or the presence of THC in your system.




A Reflected XSS Vulnerability in wordpres plugin"raygun4wp"