Authenticated Stored Cross Site Scripting Vulnerability

[c0d3G33k]

Hi, I have found a stored XSS vulnerability.

Affected Version:
3.0.4 or before

Affected URL:
http://<your_site>/monstra/<page_name.php>

Payload

"><img src=x onerror=prompt(1)>

Steps to replicate:

1. Goto http://127.0.0.1/monstra/admin/index.php?id=pages
2. Create a new page
3. Navigate to title section
4. Enter payload as shown in above section
5. Visit http://<your_site>/monstra/<page_name.php>.php
6. You will triage JavaScript execution

Impacts:

A user with editor level privileges can make JavaScript code execution in admin's session.

Testing Environment:

1. Server: Apache 2.4.2
2. PHP : 7.1.8

Mitigation:
Pass user input from below mentioned function

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}