[Suggested description]
There is a storage XSS vulnerability in the background / admin / contenttemp module of doracms system. The user can access index HTML and 404 HTML page number will trigger JS pop-up.
[Vulnerability proof]
Step 1: log in to doracms and visit the admin / contenttemp page at URL: http://127.0.0.1:8080/admin/contentTemp。As can be seen from the figure below, the template is a page frequently visited by users, such as 404 html、index. html。
Step 2: enter the JS code < script > alert (1) < / script > in the template, as shown in the following figure.
Step 3: after saving the changes, visit 404 HTML and index HTML, trigger JS code execution pop-up window.
[Suggested description] There is a storage XSS vulnerability in the background / admin / contenttemp module of doracms system. The user can access index HTML and 404 HTML page number will trigger JS pop-up.
[Vulnerability Type] Storage XSS vulnerability
[Vendor of Product] https://github.com/doramart/DoraCMS
[Affected Product Code Base] DoraCMS v2.1.8
[Attack Type] Remote
[Impact Code execution] true
[Vulnerability proof] Step 1: log in to doracms and visit the admin / contenttemp page at URL: http://127.0.0.1:8080/admin/contentTemp。As can be seen from the figure below, the template is a page frequently visited by users, such as 404 html、index. html。![image](https://user-images.githubusercontent.com/85676107/154801346-54340fbd-9030-4a19-a1a1-88aeefac265b.png)
Step 2: enter the JS code < script > alert (1) < / script > in the template, as shown in the following figure.![image](https://user-images.githubusercontent.com/85676107/154801374-e0cbc161-4991-41e8-a402-f97b3b46fb25.png)
Step 3: after saving the changes, visit 404 HTML and index HTML, trigger JS code execution pop-up window.
![image](https://user-images.githubusercontent.com/85676107/154801411-b33acdf1-88bd-433d-a8a7-0786dc5044e6.png)