Hello. In addition to the command injection that was mentioned in one of the preceding issues, it's also vulnerable to stored XSS and blind stored XSS in the Admin panel. This is a high severity issue as it allows attackers to specifically target users or even administrators. An admin who checks the blog to edit it or delete it will be met with the alert, which means JS is executing admin side, which could allow theft of admin credentials and session.
Reproduction is quite easy.
First install the CMS, log in as administrator to create a blog, create a page and insert the blog into it, then log out as admin.
Then we go to our blog post and fill out the reaction information. We fill in name/email/message with generic information. For our url we'll provide this string: http://google.com/?"><svg/onload=confirm(document.domain)>
Once we submit, we'll see an alert echoing our website's domain name. Then log back in as admin and go to blog posts to see it firing there as well.
Alyssa-o-Herrera changed the title from "Stored XSS due to Unsantized Url embedding" to "Stored XSS in admin/blog reaction post due to Unsantized Url embedding" on Feb 17, 2018
Additionally, this has been assigned CVE-2018-7197. The severity of this issue is high as an attacker can use this to successfully take over an administrative account, and perform authenticated actions if they're able to steal the session and credentials of an administrator.
Alyssa-o-Herrera changed the title from "Stored XSS in admin/blog reaction post due to Unsantized Url embedding" to "CVE-2018-7197 Stored XSS in admin/blog reaction post due to Unsantized Url embedding" on Feb 18, 2018
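The fix class for the report above, as an added example that is not part of the original issue and not the CMS's own code: the reaction URL is validated and HTML-escaped before it is written into markup, with the flawed concatenation beside it for comparison. It assumes the stored URL is rendered inside an `href` attribute (inferred from the `">` in the reported string); all function names are hypothetical, and the http/https scheme allow-list goes beyond the reported case.

```python
import html
from urllib.parse import urlsplit

# Constructed sample: the URL value from the reproduction steps in the issue.
REPORTED_URL = 'http://google.com/?"><svg/onload=confirm(document.domain)>'

ALLOWED_SCHEMES = {"http", "https"}


def render_unsafe(name, url):
    """The flawed pattern: stored input concatenated straight into markup."""
    return '<a href="' + url + '">' + name + '</a>'


def normalize_website(url):
    """Return url if it is an absolute http(s) URL with a host, else None."""
    url = url.strip()
    # Reject embedded whitespace and control characters outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    return url


def render_safe(name, url):
    """Check the scheme, then escape every value for its output context."""
    safe_name = html.escape(name, quote=True)
    checked = normalize_website(url)
    if checked is None:
        return safe_name  # drop the link, keep the commenter's name
    # quote=True escapes the double quote, so the value cannot close the attribute.
    return '<a href="{}" rel="nofollow noopener">{}</a>'.format(
        html.escape(checked, quote=True), safe_name)


if __name__ == "__main__":
    print(render_unsafe("Bob", REPORTED_URL))  # attribute is closed early
    print(render_safe("Bob", REPORTED_URL))    # payload stays inside href
```

The escaping has to happen at every place the stored value is rendered, including the admin view of reactions, since the report shows the same stored string firing there.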