[BUG] Found Xss Stored vuln in Administration page

[GrayR0ot]

Describe the bug | Décrivez le bug

Edit members from admin panel allow us using Xss Stored vulnerability

To Reproduce | Pour reproduire le bug

Steps to reproduce the behavior: | Étapes pour reproduire le bug :

1. Go to Membres -> Edit any

2. Set the user name to <script>alert("XSS");</script>

3. Then save

It allow us using Stored Xss vulnerability. Which would allow us stoling visitors cookies and more other fun facts

[nivcoo]

Indeed no page of the admin panel is protected against XSS, it should be but we felt that if you have access to the admin panel you are someone you can trust

[nivcoo]

For the cookies, if you have access to the file you can also do anything with cookies and customer information

[GrayR0ot]

I just successfully hijacked a customer Dashboard but if you think it's normal letting this kind of vulnerability this is your choice.

[nivcoo]

It's not really a choice, but yes it would be nice to take 2-3 hours to make the necessary changes

[nivcoo]

We will add protection for the XSS on panel admin in no time :p

[StanByes]

It's good