Stored XSS - Nucleus CMS v3.71 #94
Comments
|
ok, I will fix it later. |
|
We would like to report this to CVE Mitre for registering it with a CVE ID. Looking forward to your response. |
|
Any updates? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description: The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.
Vulnerability Name: Persistent XSS
VulnerableURL:-
http://localhost/NucleusCMS-master/NucleusCMS-master/nucleus/bookmarklet.php?blogid=1
Discovered by: BreachLock
Website: https://www.breachlock.com
Author: Rahul Kumar Rai
Proof of concept:
Step1: Login into the Nucleus using the admin role.
Step2: Click on the “Add an item”.
Step3: Here we fill the “Title” and “Body” fields with XSS payload. Here it got executed because it is in “Auto Save now” mode. The relevant POC is attached here.
Here the “Title” field is vulnerable to XSS.
Here the “Body” field is vulnerable to XSS.
Step4: - Now, we will click on “Add Item” and then our item added successfully.
Step5: Click on the “Close Window” .After that click on the added Item, it is shown below.
Step 6: - Here same XSS got executed on My Nucleus CMS page.
The text was updated successfully, but these errors were encountered: