MCMS System V5.5 /mcms/search.do xss vulnerability
NAME OF AFFECTED PRODUCT(S)
Vendor Homepage
AFFECTED AND/OR FIXED VERSION(S)
Vulnerable File
VERSION(S)
Software Link
PROBLEM TYPE
Vulnerability Type
Impact
- Attackers can exploit this reflected XSS vulnerability to achieve unauthorized access to user accounts, hijack user sessions, steal sensitive user data, deface web pages, and even compromise the integrity of the entire website, posing a serious threat to user privacy and the normal operation of the business.
DESCRIPTION
- During the security review of "MCMS System", I discovered an XSS vulnerability in "/mcms/search.do".
No login or authorization is required to exploit this vulnerability.
Vulnerability details and POC
Vulnerability location:
- 'content_title' parameter
Payload:
"onmouseover=prompt(1)//


Following the /mcms/search route leads to the MCmsAction class; its XSS filtering method does not filter at all, leaving characters such as // and "" untouched.

Suggested repair
- Encode output data:
Encode all user-generated content before displaying it on a web page. This ensures that any potentially malicious scripts are treated as plain text rather than executable code. For example, convert special characters such as <, >, and & to their respective HTML entities (&lt;, &gt;, and &amp;).
- Input validation and filtering:
Strictly validate and filter user input data to ensure it conforms to the expected format.
- Use Content Security Policy (CSP):
Implement a Content Security Policy to restrict the sources from which scripts can be executed.
- Regular security audits:
Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.
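The output-encoding fix above, shown as an added Python example that is not MCMS code (MCMS itself is Java; the `<input value="...">` reflection of `content_title` and the helper names are assumptions for illustration). It renders the advisory's payload once unencoded and once HTML-attribute-encoded, then parses both snippets the way a browser would to confirm that only the unencoded version grows an `onmouseover` handler.

```python
import html
from html.parser import HTMLParser

# Payload from the advisory: the leading quote closes value="" and the rest
# becomes a new event-handler attribute on the same tag.
PAYLOAD = '"onmouseover=prompt(1)//'


def render_unsafe(content_title: str) -> str:
    """Vulnerable pattern (assumed): the search term is reflected with no encoding."""
    return f'<input name="content_title" value="{content_title}">'


def render_encoded(content_title: str) -> str:
    """Hardened form: encode for the HTML attribute context; quote=True also
    turns " and ' into entities, so the value can never close the attribute."""
    return f'<input name="content_title" value="{html.escape(content_title, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collects the attributes a browser-like parser assigns to the <input> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs.update(dict(attrs))  # attribute values are entity-decoded


def input_attributes(markup: str) -> dict:
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def has_event_handler(markup: str) -> bool:
    """True if the reflected value produced any on* attribute on the tag."""
    return any(name.startswith("on") for name in input_attributes(markup))


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD), has_event_handler(render_unsafe(PAYLOAD)))
    print(render_encoded(PAYLOAD), has_event_handler(render_encoded(PAYLOAD)))
```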