Description: Rite CMS 3.0 is affected by a Multiple Cross-Site scripting (XSS) stored vulnerability that allows attackers to execute arbitrary code via a crafted payload i to the Main Menu - Items in the Administration Menu.
Attack Vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
When logging into the panel, we will go to the "Administration - Menus - Main Menu" section.
We click on Add item button and we add the XSS payloads to the Name, Title, Link and Accesskey fields.
'"><svg/onload=propmt('Name')>
In the following images you can see the embedded code that executes the payload in the main web.