Persistent XSS

The "utilisateur" menu on the WityCMS 0.6.2 site modifies the presence of XSS at two input points for user information, with the parameters "first name" and "last name".
payload:
" onclick="alert(document.cookie)"
" onclick="alert(document.cookie)"

Javascript gets executed. Here's an output of the mentioned payload when entered and saved.
![default](https://user-images.githubusercontent.com/33438164/44775386-0dd94b80-aba8-11e8-88d4-73ff63d74a3d.png)
Payload data are submitted to apps/user/admin/view.php
![default](https://user-images.githubusercontent.com/33438164/44775427-26e1fc80-aba8-11e8-900f-3e44327757f5.png)
When users want to change their names, clicking the input box triggers the code.
![default](https://user-images.githubusercontent.com/33438164/44776163-03b84c80-abaa-11e8-8dbc-1f7a5c5c4144.png)
![default](https://user-images.githubusercontent.com/33438164/44776176-0a46c400-abaa-11e8-8245-9bfa3f23475e.png)
![default](https://user-images.githubusercontent.com/33438164/44776278-5265e680-abaa-11e8-8c4d-5858132aed99.png)





Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Persistent XSS #156

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Persistent XSS #156

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions