XSS scripting potential
If you save the following string "<script>alert("Booh!")</script>" in the field "name" of a document in the properties tab, this script will be executed every time the document is displayed in the content navigation tree (Umbraco 4.7.0).
This can be used to compromise logins of CMS users if a hacker manages to get this stored in the database (please note that packages or custom components have access to this field and can present a potential entry point for a hacker).
When could this be solved? And might there be a simple solution available that we can use to patch this?
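Added example, not part of the original post and not Umbraco's own code: a minimal sketch of the output-encoding fix for a stored name rendered into a tree. The function names and the list markup are hypothetical, and the sample names are constructed.

```javascript
// Added illustration: function names and markup are hypothetical, not Umbraco's.

// Constructed sample: document names as they might come back from the database.
const storedNames = [
  'Home',
  '<script>alert("Booh!")</script>', // the string from the post
  'News & "Events"',
];

// Unsafe: the stored name is concatenated into markup, so it is parsed as HTML.
function renderNodeUnsafe(name) {
  return '<li class="tree-node"><a href="#">' + name + '</a></li>';
}

// Encode the five characters that are significant in HTML text and attributes.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Safe: encode at output time, so the name is shown as text whatever was stored
// and whichever package or component wrote it.
function renderNodeSafe(name) {
  return '<li class="tree-node"><a href="#">' + encodeHtml(name) + '</a></li>';
}

// Build the whole tree with the chosen node renderer.
function renderTree(names, renderNode) {
  return '<ul>' + names.map(renderNode).join('') + '</ul>';
}

console.log(renderTree(storedNames, renderNodeUnsafe)); // contains a live <script> element
console.log(renderTree(storedNames, renderNodeSafe));   // name appears as inert text
```

Encoding where the tree is rendered covers names already in the database, which validating only at save time would not.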