This repository has been archived by the owner on Jul 22, 2020. It is now read-only.

Persistent XSS on 'Site name' field (site_name) #483

Open
nathunandwani opened this issue May 22, 2018 · 1 comment

nathunandwani commented May 22, 2018

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name by doing an authenticated POST HTTP request to ClipperCMS/manager/processors/save_settings.processor.php.

This vulnerability is specifically the "Site Name" field found under the Configuration->Site tab. Here's an output when the payload <script>alert(1)</script> is entered and saved.

Upon saving through the field:
[Screenshot: xss on save]

Upon visiting the login page:
[Screenshot: xss on page visit]

If the data is not sanitized upon input (Site name), these components are going to return arbitrary web script or HTML that can be rendered by the browser because of having <?php echo $site_name; ?>, hence, the "Affected Components" are as follows:
- /manager/actions/mutate_settings.dynamic.php
- /manager/actions/import_site.static.php
- /manager/actions/mutate_content.dynamic.php
- /manager/frames/1.php
- /manager/frames/tree.php
- /manager/frames/menu.php

Please refer here for a fix: nathunandwani@f286fbf
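
Added example, not part of the original issue or of the linked fix commit: the unencoded `echo $site_name` pattern from the report next to context-appropriate output encoding. The helper `h()`, the sample values and the surrounding markup are hypothetical; which HTML or script context each affected file actually uses is an assumption.

```php
<?php
// Added example, not ClipperCMS code. $site_name is the variable named in
// the report; h(), the samples and the markup below are hypothetical.

/**
 * Encode a value for an HTML text node or a quoted attribute value.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
 * UTF-8 sequences instead of returning an empty string.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stored values: the payload from the report, an
// attribute-breaking variant, and a benign name with special characters.
$samples = [
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
    "Tom & Jerry's Site",
];

foreach ($samples as $site_name) {
    // Pattern from the report: the stored value reaches the page unencoded.
    $raw = '<title>' . $site_name . '</title>';

    // HTML text and quoted-attribute contexts: entity-encode at output.
    $text = '<title>' . h($site_name) . '</title>';
    $attr = '<input name="site_name" value="' . h($site_name) . '">';

    // Inline-script context: entity encoding is the wrong tool here.
    // json_encode with the JSON_HEX_* flags yields a JS string literal
    // that cannot close the <script> element or the quoted string.
    $js = '<script>var siteName = '
        . json_encode($site_name,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
        . ';</script>';

    echo "raw:  $raw\n";
    echo "text: $text\n";
    echo "attr: $attr\n";
    echo "js:   $js\n\n";
}
```

Encoding at each output site keeps the stored value intact and neutralizes data that was saved before any input-side filter existed.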

fgeek commented Nov 12, 2018

CVE-2018-11332 has been assigned for this vulnerability.
