Skip to content
This repository has been archived by the owner on Jul 22, 2020. It is now read-only.

Reflected Cross Site Scripting in CMS Clipper_1.3.3 #487

Open
prasadlingamaiah opened this issue Jun 10, 2018 · 1 comment
Open

Reflected Cross Site Scripting in CMS Clipper_1.3.3 #487

prasadlingamaiah opened this issue Jun 10, 2018 · 1 comment

Comments

@prasadlingamaiah
Copy link

prasadlingamaiah commented Jun 10, 2018

XSS is found in the "Security -->>Webusers" field in CMS Clipper_1.3.3 version. The Security name value is obtained from the webusers, having search parameter for user list. it is getting reflected and displayed without any sanitation.
Affected URL:
http://127.0.0.1:880/ClipperCMS-clipper_1.3.3/manager/
Steps to POC:

  1. access the URL http://127.0.0.1:880/ClipperCMS-clipper_1.3.3/manager/
  2. Under Security tab, click on web users -->>search parameter
  3. in search parameter enter XSS payload
    '">>"></plaintext></|><plaintext/onmouseover=prompt(1)> and click on GO button
    4.The script is getting executed.
    For your reference:
    1 1
    1 2
    1 3
    1 4
    1 5

Mitigation:
Sanitize HTML Markup with a Library Designed for the Job
Never Insert Untrusted Data Except in Allowed Locations
HTML Escape Before Inserting Untrusted Data into HTML Element Content
Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

@prasadlingamaiah prasadlingamaiah changed the title XSS Reflected Cross Site Scripting in CMS Clipper_1.3.3 Aug 2, 2019
@prasadlingamaiah
Copy link
Author

any update on this vulnerability

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant