GilaCMS / gila

A lightweight and fast CMS system built with PHP
http://gilacms.com
BSD 3-Clause "New" or "Revised" License

Reflected Cross Site Scripting on Admin endpoint #105

Closed abisheikMagesh closed 4 years ago

abisheikMagesh commented 4 years ago

Description:

What is XSS/Cross-site scripting?

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.

Reflected cross-site scripting

Reflected XSS is the simplest variety of cross-site scripting. It arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.

Here is a simple example of a reflected XSS vulnerability:

https://affectedsite.com/status?message=All+is+well.

Status: All is well.

The application doesn't perform any other processing of the data, so an attacker can easily construct an attack like this:

https://affectedsite.com/status?message=

Status:

If the user visits the URL constructed by the attacker, then the attacker's script executes in the user's browser, in the context of that user's session with the application. At that point, the script can carry out any action, and retrieve any data, to which the user has access.

Attack Scenario:

An attacker can craft the GET request and send it to the victim, which can execute the malicious JavaScript code on the admin panel.

STEPS TO REPRODUCE:

Set up the CMS on localhost. Open the following URL:

http://127.0.0.1/gila/gila-1.15.2/admin/usersda7fp%22onmouseover%3d%22alert(document.cookie)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22lsx05?tab=0

Simply move the mouse pointer across the screen and the payload will fire.

HOW TO FIX?

You can simply fix the issue by following the OWASP prevention cheat sheet. Reference: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

Tested On:

Operating system: Windows 10 Pro
Browser: Firefox 79.0 (64-bit), latest

abisheikMagesh commented 4 years ago

(screenshot attachment: gilaxssadmin)

vzuburlis commented 4 years ago

That's a good find. The path entered by the user should be cleaned of HTML entities. It is fixed in version 1.15.3. Thank you for your contribution.
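The report above shows a request path being reflected into the admin page markup, and the maintainer's fix is to encode that path before it is rendered. The following PHP is an added illustration of that defence, not GilaCMS code; the function names, the link template and the sample path are hypothetical. It shows the unsafe pattern that lets a quote in the path escape an HTML attribute, the encoded version, and a stricter allowlist check that refuses to reflect unexpected characters at all.

```php
<?php
// Added example (not GilaCMS code): rendering a user-controlled request path
// into admin-page markup. Function names and the link template are hypothetical.

// "Before": the raw request path is concatenated into an HTML attribute.
// A double quote in the path terminates the href value, so whatever follows
// is parsed as further attributes. This is the bug class reported above.
function render_tab_link_unsafe(string $path, int $tab): string
{
    return '<a href="' . $path . '?tab=' . $tab . '">Tab ' . $tab . '</a>';
}

// "After": every untrusted value is encoded for the HTML attribute context
// before insertion. ENT_QUOTES encodes both ' and ", ENT_SUBSTITUTE replaces
// malformed UTF-8 instead of silently returning an empty string.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_tab_link_safe(string $path, int $tab): string
{
    return '<a href="' . html_attr($path) . '?tab=' . $tab . '">Tab ' . $tab . '</a>';
}

// Stricter alternative: do not reflect arbitrary paths. Accept only the
// characters an admin route legitimately contains (assumed set) and reject
// everything else before it reaches the template.
function allowlist_path(string $path): ?string
{
    return preg_match('~^[A-Za-z0-9_/\-]+$~', $path) === 1 ? $path : null;
}

// Constructed sample input: a path part carrying a double quote, the same
// shape as the reported request (query string already stripped).
$sample_path = '/gila/admin/users" data-x="';

echo render_tab_link_unsafe($sample_path, 0), PHP_EOL;  // attribute boundary broken
echo render_tab_link_safe($sample_path, 0), PHP_EOL;    // quote rendered as &quot;
var_dump(allowlist_path($sample_path));                 // rejected: null
var_dump(allowlist_path('/gila/admin/users'));          // accepted unchanged
```

Encoding at the output point (html_attr) is the fix that closes the reported issue regardless of where the value came from; the allowlist is a defence in depth that also keeps unexpected input out of logs and redirects. Both are needed only on values that are reflected into the response; sanitising on input alone tends to miss contexts added later.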

abisheikMagesh commented 4 years ago

Can I know for what kind of issue you are assigning a CVE?

abisheikMagesh commented 4 years ago

So that I can submit that kind of issue?

vzuburlis commented 4 years ago

Yes.

abisheikMagesh commented 4 years ago

I think I didn't get an answer to my question.

vzuburlis commented 4 years ago

I don't know the types. Maybe 'Authenticated Reflected XSS'.