CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12324] Cross Site Scripting Vulnerability on "Search" via "Module Manager" feature in CMS Made Simple v2.2.14

avatar
Created By: NamTV (tranvannam186@gmail.com)
Date Submitted: Thu Jun 18 00:57:14 -0400 2020

Assigned To: Matt Hornsby (DIGI3) (DIGI3)
Version: 2.2.14
CMSMS Version: 2.2.14
Severity: Major
Resolution: None
State: Open
Summary:
Cross Site Scripting Vulnerability on "Search" via "Module Manager" feature in CMS Made Simple v2.2.14
Detailed Description:
Cross Site Scripting Vulnerability on "Search" via "Module Manager" feature in
CMS Made Simple v2.2.14
**Describe the bug
An authenticated malicious user can take advantage of a Reflected  XSS
vulnerability on "Search" via "Module Manager" feature in CMS Made Simple
v2.2.14
**To Reproduce
Steps to reproduce the behavior:
1. Log into the panel.
2. Go to
"/admin/moduleinterface.php?mact=ModuleManager,m1_,defaultadmin,0&__c=bc3d9521e52526ae002"
3. Select "Search"
4. Insert Payload in "Search Term":
    // # "><svg/onload=prompt(/NamTV/)>
    "><svg/onload=alert(document.domain)>
    "><img src onerror=alert("NamTV")> 
5. Click "Submit"
6. View the preview to trigger XSS.
7. View the preview to get in request and such Reflected  XSS.
**Expected behavior
The removal of script tags is not sufficient to prevent an XSS attack. 
You must HTML Entity encode any output that is Reflected  back to the page.
**Impact
Commonly include transmitting private data, like cookies or other session
information, to the attacker, redirecting the victim to web content controlled
by the attacker, or performing other malicious operations on the user’s machine
under the guise of the vulnerable site.
**Screenshots
**Desktop (please complete the following information):
- OS: Ubuntu
- Browser: Firefox
- Version: 76.0.1


History

Updates

Updated: 2020-06-18 00:58
description: Cross Site Scripting Vulnerability on "Search" via "Module Manager" feature in CMS Made Simple v2.2.14 **Describe the bug An authenticated malicious user can take advantage of a Reflected XSS vulnerability on "Search" via "Module Manager" feature in CM => Cross Site Scripting Vulnerability on "Search" via "Module Manager" feature in CMS Made Simple v2.2.14 **Describe the bug An authenticated malicious user can take advantage of a Reflected XSS vulnerability on "Search" via "Module Manager" feature in CM
resolution_id: => 5