# Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting (XSS)
# Google Dork: N/A
# Date: 2024-08-12
# Exploit Author: GURJOT SINGH
# Vendor Homepage: https://ritecms.com/
# Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip
# Version: <= 3.0.0
# Tested on: Ubuntu 22.04 LTS, PHP 8.1, Apache 2.4
# CVE: CVE-2024-28623

## Description:

A reflected Cross-Site Scripting (XSS) vulnerability exists in RiteCMS v3.0.0 within the `main_menu/edit_section` parameter. An attacker can inject arbitrary JavaScript code that will execute in the context of the victim's browser session.

## Impact:

- Theft of credentials or session tokens
- Phishing or malicious redirection
- Full control over the victim's active browser session

## Proof of Concept (PoC):

Payload: `'"><svg/onload=confirm(/xsss/)>`

Steps:

1. Log in or navigate to the vulnerable `main_menu/edit_section` functionality.
2. Inject the above payload into the vulnerable parameter.
3. Observe the execution of the injected JavaScript.

Video PoC: https://github.com/GURJOTEXPERT/ritecms/blob/main/POC.mp4

Full write-up & repository: https://github.com/GURJOTEXPERT/ritecms

## Mitigation:

- Implement strict input validation and output encoding.
- Enforce a Content Security Policy (CSP) to limit script execution.
- Update RiteCMS to a patched version when available.
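The mitigation bullets above map onto three concrete server-side controls. The following PHP is an added example and is not RiteCMS code or part of the advisory; the parameter name `edit_section`, the slug format used for validation and the surrounding markup are assumptions chosen to illustrate the fix. It shows the vulnerable echo pattern for contrast, the encoded form that neutralises the advisory's payload, and a CSP header that removes inline-script execution as a fallback.

```php
<?php
// Added example (not RiteCMS code): whitelist validation, contextual output
// encoding and a restrictive CSP for a value reflected into an HTML page.
// The 'edit_section' parameter name and the markup below are assumptions.

declare(strict_types=1);

/**
 * Encode a string for insertion into HTML text or a double-quoted attribute.
 * ENT_QUOTES converts both ' and ", so the value cannot terminate the
 * attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
 */
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Whitelist validation. Section identifiers are assumed to be short slugs;
 * anything else is rejected rather than "cleaned".
 */
function is_valid_section_id(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $value) === 1;
}

/**
 * Defence in depth: a CSP without 'unsafe-inline' blocks inline handlers
 * such as onload=, which is exactly what a reflected payload relies on.
 * Encoding remains the primary fix; CSP only limits the blast radius.
 */
function send_csp_header(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
        . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'");
}

// Constructed input: falls back to the advisory's payload when run without a query string.
$untrusted = $_GET['edit_section'] ?? '\'"><svg/onload=confirm(/xsss/)>';

// Vulnerable pattern (shown for contrast only): the raw value lands inside
// a quoted attribute, so '"> closes the attribute and tag and the rest is markup.
//   echo '<input name="edit_section" value="' . $untrusted . '">';

if (PHP_SAPI !== 'cli') {
    send_csp_header(); // headers must go out before any body output
}

if (!is_valid_section_id($untrusted)) {
    // Rejected input is still encoded before being echoed back in the error message.
    echo '<p>Invalid section: ' . encode_for_html($untrusted) . "</p>\n";
} else {
    echo '<input name="edit_section" value="' . encode_for_html($untrusted) . "\">\n";
}
```

Run from a web server, `?edit_section=<payload>` fails the slug check and the echoed copy is rendered as literal text because `'`, `"`, `<` and `>` have all been converted to entities. Encoding is context-specific: `htmlspecialchars` is correct for HTML text and attribute values but not for a value placed inside a `<script>` block, a URL or a CSS property, each of which needs its own encoder.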