Another Persistent XSS
s-kustm opened this issue · 2 comments
Affected software:
No-CMS
Description:
No-CMS is a basic and "less-assumption" CMS with some default features such as user authorization (including third-party authentication), menu, module and theme management. It is fully customizable and extensible: you can make your own module and your own themes. It provides freedom to make your very own CMS, which is not provided very well by any other CMS.
Type of vulnerability:
XSS Persistent
URL:
https://github.com/goFrendiAsgard/No-CMS
Description:
No-CMS is prone to a Persistent Cross-Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. An anonymous user can send the XSS payload through the contact form to the Administrator.
Affected Parameter:
VG48Z5PqVWcontent
Proof of concept:
- Open URL <Yoursite.com>/contact_us, i.e. http://127.0.0.38/contact_us
- Put XSS payload "><svg/onload=alert("XSS_By_Subodh")> in the "VG48Z5PqVWcontent" parameter.
- Now, log in to the Admin account and open URL http://127.0.0.38/contact_us/manage_message
- Open the message sent with the XSS payload (see Image2.png; the XSS payload is executed here).
Reported by:
Subodh Kumar
https://github.com/s-kustm/
https://www.linkedin.com/in/subodh-kumar-8a00b1125/
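The fix for the behaviour reported above, as an added example that is not No-CMS code and not part of the original report: the stored contact message is HTML-encoded when the admin view renders it. The function names, the `$message` array and its field names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stored row, constructed for this example. The content value is
// the payload quoted in the report, as an anonymous visitor would submit it.
$message = [
    'name'    => 'visitor',
    'content' => '"><svg/onload=alert("XSS_By_Subodh")>',
];

// Defence in depth for the admin page: a policy without 'unsafe-inline' stops
// inline event handlers such as onload from running if encoding is ever missed.
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Vulnerable pattern: stored input is concatenated into the page as markup,
// so the browser of whoever opens the message parses it as HTML.
function render_message_unsafe(array $m): string
{
    return '<div class="message"><h4>' . $m['name'] . '</h4><p>'
        . $m['content'] . '</p></div>';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// characters (needed if the value ever lands in an attribute); ENT_SUBSTITUTE
// replaces invalid byte sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: every stored field is encoded, line breaks are kept.
function render_message_safe(array $m): string
{
    return '<div class="message"><h4>' . e((string) $m['name']) . '</h4><p>'
        . nl2br(e((string) $m['content'])) . '</p></div>';
}

$unsafe = render_message_unsafe($message);
$safe   = render_message_safe($message);

// Check whether a live <svg> tag survives in each rendering, and whether the
// safe rendering carries the payload as inert, entity-encoded text.
var_dump(strpos($unsafe, '<svg') !== false);
var_dump(strpos($safe, '<svg') !== false);
var_dump(strpos($safe, '&lt;svg/onload=alert(&quot;XSS_By_Subodh&quot;)&gt;') !== false);
```

Encoding belongs at the point of output rather than at submission, so that messages already stored before the fix are also rendered safely.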
Thanks for your report 👍
How long will you take to patch the vulnerability? Will you provide a CVE ID for this, or do I have to contact a CNA (CVE Numbering Authority - CVE MITRE)?
Thanks