flatCore / flatCore-CMS

flatCore is a Web Content Management System (CMS) based on PHP and MySQL/SQLite.
https://flatcore.org
GNU General Public License v3.0

Bug Report: XSS Vulnerability in acp.php on FlatCore v1.4.6 #34

Closed ghi5107 closed 7 years ago

ghi5107 commented 7 years ago

Title: XSS Vulnerability in acp.php
Security: Low (visit acp.php as an administrator)
Software: https://codeload.github.com/flatCore/flatCore-CMS/zip/v1.4.6
Code: pages.edit_form.php

Reproduce: (get client cookie information)
http://localhost/fc/acp/acp.php/p3q7o'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eoqch8?tn=pages&sub=edit&editpage=2

reference about XSS: https://www.owasp.org/index.php/Cross-siteScripting(XSS)

Discovered by: ghi from Huawei Weiran Labs

ghi5107 commented 7 years ago

Does anyone confirm the issue? I think the XSS vulnerability is harmful to the administrator; an attacker may steal information by enticing an administrator to open a crafted web page.

patkon commented 7 years ago

I'll fix that as soon as possible. I'm working on it. Thanks for reporting.

ghi5107 commented 7 years ago

Thanks for your response.

fgeek commented 7 years ago

CVE-2017-9451 has been assigned for this vulnerability. You can add it to commit message and ChangeLog file, thanks.

ghi5107 commented 7 years ago

Verified, no longer works, thank you.
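
Added example, not part of the thread and not flatCore's code: the thread does not show the affected lines of pages.edit_form.php, so this PHP example assumes the request path (`PHP_SELF`, which includes whatever follows `acp.php/`) is written into a single-quoted attribute, as the `'>` in the reported URL suggests. It compares output encodings applied to that decoded path; `form_tag` and `safe_in_single_quoted_attr` are hypothetical helper names.

```php
<?php
// Added example, not flatCore code.
// Constructed input: path of the reported URL after URL-decoding, as PHP
// would expose it in $_SERVER['PHP_SELF'] (script name plus PATH_INFO).
$phpSelf = "/fc/acp/acp.php/p3q7o'><script>alert(document.cookie)</script>oqch8";
$scriptName = "/fc/acp/acp.php"; // what $_SERVER['SCRIPT_NAME'] would hold

// Hypothetical helper: place a value in a single-quoted action attribute
// (the single-quoted context is an assumption, see the lead-in).
function form_tag(string $action): string
{
    return "<form action='" . $action . "?tn=pages&amp;sub=edit' method='post'>";
}

// True when the value cannot end the single-quoted attribute or open a tag.
function safe_in_single_quoted_attr(string $value): bool
{
    return strpbrk($value, "'<>") === false;
}

$variants = [
    // Raw reflection: quote and angle brackets pass through unchanged.
    'raw PHP_SELF' => $phpSelf,
    // ENT_COMPAT (the default before PHP 8.1) encodes < > & " but not '.
    'htmlspecialchars ENT_COMPAT' => htmlspecialchars($phpSelf, ENT_COMPAT, 'UTF-8'),
    // ENT_QUOTES also encodes ' so the value stays inside the attribute.
    'htmlspecialchars ENT_QUOTES' => htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8'),
    // SCRIPT_NAME carries no PATH_INFO; it is still encoded on output.
    'SCRIPT_NAME + ENT_QUOTES' => htmlspecialchars($scriptName, ENT_QUOTES, 'UTF-8'),
];

foreach ($variants as $label => $value) {
    $verdict = safe_in_single_quoted_attr($value) ? 'contained' : 'BREAKS OUT';
    printf("%-28s %-10s %s\n", $label, $verdict, form_tag($value));
}
```

The first two variants are reported as breaking out, because the single quote still ends the attribute value even when `<` and `>` are encoded; the last two stay contained.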