Stored XSS is found in the "Manager Permissions" field in CMS Clipper_1.3.3 version. The Manager Permissions value is obtained from the User Groups, Resource Groups and Users/resource group links. which having adding users list and groups list. it is getting stored and displayed without any sanitation.
Affected URL: http://127.0.0.1:880/ClipperCMS-clipper_1.3.3/manager/
Under Security tab, click on Manager Permissions -->>User Groups
in User Groups parameter try to Create a new Users Group XSS payload
<img/id="confirm(1)"/alt="/"src="/"onerror=eval(id)>'"> and click on submit button
4.The script is getting executed.
Under Security tab, click on Manager Permissions -->>Resource Groups
in User Groups parameter try to Create a new Resource Group XSS payload
<img/id="confirm(1)"/alt="/"src="/"onerror=eval(id)>'"> and click on submit button
6.The script is getting executed.
Users/resource group links submit the XSS payload which we have saved. For your reference:
Mitigation:
Sanitize HTML Markup with a Library Designed for the Job
Never Insert Untrusted Data Except in Allowed Locations
HTML Escape Before Inserting Untrusted Data into HTML Element Content
Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
The text was updated successfully, but these errors were encountered:
prasadlingamaiah
changed the title
Stored XSS in Manager Permissions
Stored Cross Site Scripting in CMS Clipper_1.3.3
Aug 2, 2019
Stored XSS is found in the "Manager Permissions" field in CMS Clipper_1.3.3 version. The Manager Permissions value is obtained from the User Groups, Resource Groups and Users/resource group links. which having adding users list and groups list. it is getting stored and displayed without any sanitation.
Affected URL:
http://127.0.0.1:880/ClipperCMS-clipper_1.3.3/manager/
Steps to POC:
in User Groups parameter try to Create a new Users Group XSS payload
<img/id="confirm(1)"/alt="/"src="/"onerror=eval(id)>'"> and click on submit button
4.The script is getting executed.
in User Groups parameter try to Create a new Resource Group XSS payload
<img/id="confirm(1)"/alt="/"src="/"onerror=eval(id)>'"> and click on submit button
6.The script is getting executed.
For your reference:
Mitigation:
Sanitize HTML Markup with a Library Designed for the Job
Never Insert Untrusted Data Except in Allowed Locations
HTML Escape Before Inserting Untrusted Data into HTML Element Content
Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
The text was updated successfully, but these errors were encountered: