BlackCatDevelopment / BlackCatCMS

BlackCat CMS is a PHP5, HTML5 content management system
https://blackcat-cms.org

Cross Site Script Vulnerability on "Page" in BlackCAT CMS 1.3.6 #401

Closed r0ck3t1973 closed 3 years ago

r0ck3t1973 commented 4 years ago

Describe the bug: An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Add Page" feature in Admin.

To Reproduce

Steps to reproduce the behavior:

  1. Log in to the Admin panel
  2. Go to 'BlackCatCMS/backend/start/index.php'
  3. Click 'Add Page'
  4. Insert Payload in 'Title': '><details/open/ontoggle=confirm(1337)>
  5. Click 'Add Page'
  6. XSS Alert Message

Expected behavior: The removal of script tags is not sufficient to prevent an XSS attack. You must HTML Entity encode any output that is reflected back to the page.

Screenshots

  1. insert payload 1
  2. xss alert message 2

Desktop (please complete the following information):

OS: Windows
Browser: All Version
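
The output encoding the report asks for, next to a script-tag filter, as an added example that is not part of the original issue and is not BlackCat CMS code. The function names and the template fragment are hypothetical, the title value is the one from the reproduction steps, and PHP 7 or later is assumed.

```php
<?php
// Added example, not BlackCat CMS code; all names below are hypothetical.

// Constructed sample: the 'Title' value from the reproduction steps.
$title = "'><details/open/ontoggle=confirm(1337)>";

// Weak filter: removes only <script> elements, which the report calls insufficient.
function strip_script_tags(string $s): string
{
    return preg_replace('#<script\b[^>]*>.*?</script>#is', '', $s) ?? '';
}

// Output encoding for HTML text and quoted attribute values.
// ENT_QUOTES is required here because the payload opens with a single quote;
// before PHP 8.1 the default flags left ' unencoded.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical template fragment: the title lands in a single-quoted
// attribute and in element text.
function render_title(string $title, callable $filter): string
{
    $t = $filter($title);
    return "<input name='title' value='{$t}'><span>{$t}</span>";
}

// True when the value can still open an element inside the rendered markup.
function markup_survives(string $html): bool
{
    return strpos($html, '<details') !== false;
}

$weak = render_title($title, 'strip_script_tags');
$safe = render_title($title, 'e');

echo "script-tag filter: ", $weak, PHP_EOL;
echo "entity encoding:   ", $safe, PHP_EOL;

if (!markup_survives($weak) || markup_survives($safe)) {
    throw new RuntimeException('unexpected rendering result');
}
```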

webbird commented 4 years ago

Thank you for reporting this! Will be fixed with upcoming release 1.4.

r0ck3t1973 commented 3 years ago

CVE-2020-25877