Vulnerability found in Pixelimity by "HAXSS", a Reinforcement Learning Agent for Cross Site Scripting (XSS) testing.
The "Site Description" field of the "pixelimity/admin/setting.php" page of Pixelimity CMS is vulnerable to Cross Site Scripting (XSS). A malicious user can send an authenticated POST HTTP request to inject JavaScript or HTML.
1. Log into the admin panel ('admin/signin.php').
2. Use the dashboard to navigate to the config page ('admin/setting.php').
3. Edit the "Site Description" field on the page to a malicious payload.
4. Save the settings.
5. Vulnerability is shown.
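
The report does not show the affected code, so the following is an added example and not Pixelimity's own source: it sketches the usual cause of this class of bug (a stored setting written into the page unencoded) beside the output-encoded form. The function names, markup and sample value are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not Pixelimity's code.

// Constructed sample value standing in for a stored "Site Description".
$stored = 'Portfolio <b>2024</b> & "friends"';

// Vulnerable pattern: the stored value is written into the page as-is,
// so any markup it contains becomes part of the document, both inside
// the attribute and inside the element body.
function render_description_raw(string $desc): string
{
    return '<meta name="description" content="' . $desc . '">' . "\n"
         . '<p class="site-description">' . $desc . '</p>';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES covers both quote styles (needed inside attributes);
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_description_safe(string $desc): string
{
    return '<meta name="description" content="' . e($desc) . '">' . "\n"
         . '<p class="site-description">' . e($desc) . '</p>';
}

// Print both renderings so the difference is visible in the page source.
echo render_description_raw($stored), "\n\n";
echo render_description_safe($stored), "\n";
```

Encoding where the value is written out, and not only when the setting is saved, also covers values already stored in the database.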