CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12001] Stored Cross-site Scripting in CMS Made Simple - File picker feature

Created By: Chi Tran (chitran)
Date Submitted: Sun Mar 24 13:22:03 -0400 2019

Assigned To:
Version: 2.2.10
CMSMS Version: 2.2.10
Severity: Trivial
Resolution: Accepted
State: Open
Summary:
Stored Cross-site Scripting in CMS Made Simple - File picker feature
Detailed Description:
Hello CMSMS Team,

I am reaching out to report a Stored XSS vulnerability via the File Picker feature
in CMS Made Simple version 2.2.10. An attacker can create a new profile and
add a payload to the "Name" field.
Steps to reproduce:
- Navigate to Admin Dashboard
- Click on Extension -> File Picker feature
- Click on "Add a new Profile"
- In "Name" field, input payload: <svg/onload=alert(document.domain)>
- Click "Submit"
- After submitting, the payload will be executed every time we refresh the "File Picker"
page.

Impact:
- An attacker will be able to take over an account as well as hijack cookies.
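The report above shows the symptom (a profile "Name" of `<svg/onload=alert(document.domain)>` fires on every load of the File Picker page) but not the code path behind it. The following is an added example written for this page, not code from CMS Made Simple or from the reporter: a minimal stand-in for a profile list page that renders a stored name first without escaping, then with output encoding. Every name in it (`renderProfileRowVulnerable`, `renderProfileRowSafe`, `renderDeleteLinkSafe`, `h`, the `$profiles` array) is hypothetical, and the profile rows are constructed sample data. Note also that the reproduction path runs through the Admin Dashboard, so the account planting the payload already holds admin access, which is consistent with the Trivial severity the maintainers assigned.

```php
<?php
// Added example (not CMS Made Simple code). Shows why an unescaped profile
// name is parsed as markup and how context-aware output encoding stops it.
// All function names and the $profiles array below are hypothetical.

declare(strict_types=1);

// Constructed sample data: the payload from the report, stored verbatim in
// the "Name" field exactly as the application would persist it.
$profiles = [
    ['id' => 1, 'name' => 'Default images'],
    ['id' => 2, 'name' => '<svg/onload=alert(document.domain)>'],
];

// Vulnerable pattern: the stored name is concatenated straight into HTML.
// The browser parses "<svg ...>" as an element and runs its onload handler
// every time the page is rendered, which is the stored XSS described above.
function renderProfileRowVulnerable(array $p): string
{
    return '<tr><td>' . $p['id'] . '</td><td>' . $p['name'] . '</td></tr>';
}

// Hardened pattern: encode at the point of output, for the HTML context.
// ENT_QUOTES encodes both quote styles so the helper is also safe inside
// quoted attribute values; ENT_SUBSTITUTE returns U+FFFD instead of an
// empty string on invalid UTF-8, so a bad byte cannot blank the field.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderProfileRowSafe(array $p): string
{
    return '<tr><td>' . h((string) $p['id']) . '</td>'
         . '<td>' . h($p['name']) . '</td></tr>';
}

// The name often also lands in an attribute (a data-* value, a title, a
// confirmation message). Escaping there matters just as much: without
// ENT_QUOTES a double quote in the name would terminate the attribute.
function renderDeleteLinkSafe(array $p): string
{
    return '<a href="delete.php?id=' . h((string) $p['id'])
         . '" data-name="' . h($p['name']) . '">Delete</a>';
}

foreach ($profiles as $p) {
    echo 'vulnerable: ' . renderProfileRowVulnerable($p) . "\n";
    echo 'safe:       ' . renderProfileRowSafe($p) . "\n";
    echo 'link:       ' . renderDeleteLinkSafe($p) . "\n";
}
```

Running this with `php example.php` prints the second profile's name as `&lt;svg/onload=alert(document.domain)&gt;` in the safe rows, so the browser shows the literal text instead of creating an element. The fix is applied on output rather than on input deliberately: sanitizing the "Name" field on save would leave every other sink (attributes, JSON, log views) to fend for itself, while escaping in the template hardens the page regardless of what was stored.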




History

Updates

Updated: 2019-03-24 15:09
resolution_id: 5 => 6

Updated: 2019-03-24 13:42
severity_id: 1 => 4
assigned_to_id: 9859 => 100

Updated: 2019-03-24 13:35
assigned_to_id: 102 => 9859

Updated: 2019-03-24 13:28
resolution_id: => 5
assigned_to_id: 100 => 102