InstantCMS 2.16.1 Cross Site Scripting

2024.02.20
Credit: SoSPiro
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: InstantCMS - Stored XSS
# Application: InstantCMS
# Version: v2.16.1
# Bugs: Stored XSS
# Technology: PHP
# Vendor Homepage: https://instantcms.ru/
# Software Link: https://instantcms.ru/get
# Date: 14.09.2023
# Author: SoSPiro
# Tested on: Windows

## Description
I noticed that you filtered the filter very carefully. But there are still some parts you missed.

## POC
1. Log in as admin.
2. Go to "http://localhost/o2/admin/menu/item_edit/18".
3. Insert the payload in CSS class.
4. Click save, go to the home page, and detect the stored XSS in the footer.

https://drive.google.com/file/d/1_9QGoBnbZZrsHUgNkujja1Ptj3f8fl2W/view?usp=sharing

## Impact
This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...

## Bug fix commit
https://github.com/instantsoft/icms2/commit/b2172a0f842fc28966b00bab3e2e9094c6bfd156

## Reference
https://huntr.com/bounties/18546c85-de6a-4252-a02f-c9d26f4f775e/
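
The PoC stores attacker-controlled text in a menu item's CSS class, which is later rendered into the footer. The following is an added example of how such a field can be handled defensively; it is not InstantCMS code and not the contents of the fix commit. The function names `sanitize_css_classes` and `render_menu_item` are hypothetical, the sample values are constructed, and PHP 7.4 or later is assumed.

```php
<?php
// Added illustration, not taken from InstantCMS. All names here are hypothetical.

/**
 * Reduce a user-supplied "CSS class" value to a list of plain class tokens.
 * Any token that is not a simple CSS identifier is dropped, not repaired.
 */
function sanitize_css_classes(string $raw, int $maxTokens = 10): string
{
    $tokens = preg_split('/\s+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY);
    $safe = [];
    foreach ($tokens as $token) {
        // Allowlist: optional leading hyphen, a letter or underscore,
        // then up to 63 letters, digits, underscores or hyphens.
        if (preg_match('/^-?[A-Za-z_][A-Za-z0-9_-]{0,63}$/D', $token) === 1) {
            $safe[$token] = true; // array keys de-duplicate repeated classes
        }
        if (count($safe) >= $maxTokens) {
            break; // bound the size of the stored value
        }
    }
    return implode(' ', array_keys($safe));
}

/**
 * Render a menu link. The class is validated on the way in AND encoded on
 * the way out, so a value already stored unfiltered cannot leave the attribute.
 */
function render_menu_item(string $title, string $cssClass): string
{
    $enc = static fn(string $v): string =>
        htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return sprintf(
        '<a class="%s" href="/about">%s</a>',
        $enc(sanitize_css_classes($cssClass)),
        $enc($title)
    );
}

// Constructed sample inputs: one legitimate value, one that tries to close
// the attribute and inject markup, and one with a duplicate and a bad token.
$samples = ['footer-link active', 'footer-link "><i>constructed</i>', 'a a 9bad _ok'];
foreach ($samples as $sample) {
    echo render_menu_item('About', $sample), PHP_EOL;
}
```

Applying both the allowlist at save time and the encoding at render time matters here because the value is stored: rows written before a filter was added are still rendered afterwards.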

