Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CMSuno v1.7 stored XSS #17

Closed
splint3rsec opened this issue Jul 9, 2021 · 6 comments
Closed

CMSuno v1.7 stored XSS #17

splint3rsec opened this issue Jul 9, 2021 · 6 comments

Comments

@splint3rsec
Copy link

Hi :)

cmsuno version 1.7 is vulnerable to a stored cross site scripting. An authenticated attacker can inject a payload while updating the template's image filename after intercepting the request using Burpsuite via the tgo parameter.
After successful update of the template, the xss is poped up in the website page.

Steps to reproduce

  1. Go to /uno.php and click on plugins
  2. Click on Logo
    1
  3. Choose a random picture in your files repository, click on save and intercept the request using BurpSuite
  4. Change the tgo parameter value with the following
    2
  5. Forward the request and click on publish
    3
  6. Click on See the website
    4
  7. XSS
    5
    6

Thanks

@boiteasite
Copy link
Owner

Hi,

Thanks for this full report. I will fix that.

Regards

@boiteasite
Copy link
Owner

This is fixed. V1.7.1

Regards

@splint3rsec
Copy link
Author

Hi @boiteasite ! Thank you for the patch, is it possible to request a CVE ID?

@fgeek
Copy link

fgeek commented Aug 4, 2021

CVE-2021-36654 has been assigned for this issue. You can request CVEs via https://cveform.mitre.org/.

@boiteasite
Copy link
Owner

Thank you Henri, I did not know this site.

@splint3rsec
Copy link
Author

Thank you @fgeek @boiteasite :) Have a nice day :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants