I still found some Stored XSS even though many XSS issues were reported in this CMS. They are in the Full Name field of a user under the Security -> Manager Users tab and Security -> Web Users, which allows an authenticated attacker (who has the user management role) to inject/store a malicious script inside the Full Name field. The script will be executed once the Manager Users or Web Users page is accessed.
Steps to reproduce stored XSS:
1. Go to the Security -> Manager Users or Security -> Web Users tab
2. Add a new user or edit an existing user
3. In the Full Name field, input the XSS payload and save
4. Visit Security -> Manager Users or Web Users; the payload will be executed
Impact:
After a successful exploit, the user's cookies can be stolen and the CSRF validation (the Referer header in this CMS) can also be bypassed. That can also lead to admin account takeover.
Authenticated XSS might not be a serious issue, but letting a malicious script execute in the admin's browser is not a good thing either.
Screenshots:
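The defect described in the report is a stored value (Full Name) being written into the user-list page without output encoding. The following is an added example, not code from this CMS or from the reporter: a minimal user-list template in its vulnerable and encoded forms, a parser-based check that flags any tag or event-handler attribute the template itself never emits (the `CmsUser` type, the `STRUCTURAL_TAGS` set and the test inputs are all constructed here), and a hypothetical save-time allow-list for display names as defence in depth.

```python
"""Stored-XSS demo for a CMS user list: vulnerable rendering, encoded rendering,
and a check that the Full Name column stays inert. Example code, not the CMS's own."""
import html
import re
from dataclasses import dataclass
from html.parser import HTMLParser

# Markup the (hypothetical) user-list template is expected to emit itself.
STRUCTURAL_TAGS = {"table", "tr", "td"}


@dataclass
class CmsUser:
    username: str
    full_name: str  # attacker-controlled: stored via the Manager Users / Web Users form


def render_users_vulnerable(users):
    """Interpolates stored fields straight into HTML: the defect class in the report."""
    rows = "".join(f"<tr><td>{u.username}</td><td>{u.full_name}</td></tr>" for u in users)
    return f"<table>{rows}</table>"


def render_users_fixed(users):
    """Same template with HTML output encoding applied to every stored value."""
    rows = "".join(
        f"<tr><td>{html.escape(u.username)}</td><td>{html.escape(u.full_name)}</td></tr>"
        for u in users
    )
    return f"<table>{rows}</table>"


class _ActiveMarkupFinder(HTMLParser):
    """Collects tags outside STRUCTURAL_TAGS and any on* event-handler attribute."""

    def __init__(self):
        super().__init__()
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        if tag not in STRUCTURAL_TAGS:
            self.findings.add(f"tag:{tag}")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.add(f"attr:{name}")


def active_markup(rendered):
    """Return a sorted list of markup the template never emits on its own.
    An empty list means stored data stayed data; anything else is a stored-XSS sink."""
    finder = _ActiveMarkupFinder()
    finder.feed(rendered)
    finder.close()
    return sorted(finder.findings)


# Defence in depth at save time: a display name never legitimately needs markup.
# Hypothetical policy: starts with a letter, then letters/digits, space, dot, apostrophe, hyphen.
_FULL_NAME_RE = re.compile(r"^[^\W\d_][\w .'-]{0,98}$")


def validate_full_name(name):
    return bool(_FULL_NAME_RE.match(name))


PAYLOADS = [  # constructed test inputs for the demo, not taken from the report
    "<script>alert(1)</script>",
    "<img src=x onerror=alert(1)>",
]


def demo():
    """Render the same user list both ways and report what each one leaks."""
    users = [
        CmsUser("alice", "Alice Example"),
        CmsUser("mallory", PAYLOADS[0]),
        CmsUser("trudy", PAYLOADS[1]),
    ]
    return active_markup(render_users_vulnerable(users)), active_markup(render_users_fixed(users))


if __name__ == "__main__":
    before, after = demo()
    print("vulnerable template leaks:", before)  # ['attr:onerror', 'tag:img', 'tag:script']
    print("encoded template leaks:", after)      # []
```

The check in `active_markup` is a regression test one can keep in a CMS test suite: render the admin user list with a stored name containing markup and assert the result is empty. Encoding at output (`render_users_fixed`) is the actual fix; the `validate_full_name` allow-list only narrows what reaches storage and must not be relied on alone, since other paths (imports, APIs, legacy rows) can still write to the same column.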