CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12004] Stored Cross-site Scripting in Site Admin Settings - News module

avatar
Created By: Chi Tran (chitran)
Date Submitted: Mon Mar 25 00:17:03 -0400 2019

Assigned To:
Version: 2.2.10
CMSMS Version: 2.2.10
Severity: Trivial
Resolution: None
State: Open
Summary:
Stored Cross-site Scripting in Site Admin Settings - News module
Detailed Description:
Hello CMSMS Team,

I am reaching out to report a Stored XSS vulnerability via Settings - News
module feature from CMS Made Simple version 2.2.10. An attacker can create a new
Category and add payload into "Name" field.
Steps to reproduce:
- Navigate to Admin Dashboard
- Click on Site Admin -> Settings - News Module
- Click on "Add Category"
- In "Name" field, input payload: <svg/onload=alert(document.domain)>
- Click "Submit"
- After submitting, payload will be executed every time we the "Settings - News
module" page.

Impact:
- An attacker will be able to take over an account as well as cookies hijacking.


History