This repository was archived by the owner on Jul 22, 2020. It is now read-only.

Persistent XSS on 'Site name' field (site_name) #483

Open
@nathunandwani


Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name by doing an authenticated POST HTTP request to ClipperCMS/manager/processors/save_settings.processor.php.

This vulnerability is specifically the "Site Name" field found under the Configuration->Site tab. Here's an output when the payload `<script>alert(1)</script>` is entered and saved.

Upon saving through the field:
[Image: xss on save]

Upon visiting the login page:
[Image: xss on page visit]

If the data is not sanitized upon input (Site name), these components are going to return arbitrary web script or HTML that can be rendered by the browser because of having `<?php echo $site_name; ?>`; hence, the "Affected Components" are as follows:
- /manager/actions/mutate_settings.dynamic.php
- /manager/actions/import_site.static.php
- /manager/actions/mutate_content.dynamic.php
- /manager/frames/1.php
- /manager/frames/tree.php
- /manager/frames/menu.php

Please refer here for a fix: nathunandwani@f286fbf
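
The raw `<?php echo $site_name; ?>` pattern from the report, next to context-aware output encoding at the render site. This is an added example, not ClipperCMS code and not the contents of the linked commit; the helper names (`esc_html`, `esc_js`, `render_unsafe`, `render_safe`) and the three output contexts shown are assumptions made for illustration.

```php
<?php
// Added example, not ClipperCMS code. $site_name stands in for the stored
// setting; helper names and the markup below are hypothetical.

// Encode for HTML text nodes and quoted attribute values.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encode for an inline <script> block: a JSON string literal with
// HTML-significant characters hex-escaped so "</script>" cannot close the block.
function esc_js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
}

// Pattern described in the report: the stored value is echoed as-is.
function render_unsafe(string $site_name): string
{
    return '<title>' . $site_name . '</title>';
}

// Same value, encoded for each context it is written into.
function render_safe(string $site_name): string
{
    return '<title>' . esc_html($site_name) . "</title>\n"
         . '<input name="site_name" value="' . esc_html($site_name) . "\">\n"
         . '<script>var siteName = ' . esc_js($site_name) . ';</script>';
}

// Constructed sample: the value from the report, as read back from storage.
$site_name = '<script>alert(1)</script>';

echo render_unsafe($site_name), "\n\n";   // markup reaches the browser intact
echo render_safe($site_name), "\n";       // value is rendered as inert text

// Self-check: each encoded form contains no raw angle brackets or quotes.
foreach ([esc_html($site_name), trim(esc_js($site_name), '"')] as $encoded) {
    if (preg_match('/[<>"\']/', $encoded)) {
        throw new RuntimeException('encoding left HTML-significant characters');
    }
}
```

Encoding at output covers values already stored before any input-side filtering was added, which is why it applies to every file in the list above that prints the setting.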
