Description: No-CMS is prone to a Persistent Cross-Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. An anonymous user can send the XSS payload through the contact form to the Administrator.
Affected software: No-CMS
Type of vulnerability: Stored XSS
Discovered by: BreachLock
Website: https://www.breachlock.com
Author: Subodh Kumar
Affected Parameter: keyword
Steps to reproduce the vulnerability:
Log in to the Admin account and open URL/contact_us, i.e. http://127.0.0.38/blog/manage_article, and click on Add Article.
Put the XSS payload "><svg/onload=alert("XSS_By_Breachlock")> in the "keyword" parameter and publish it (see Image1.png).
Now visit the URL of your published blog, i.e. http://127.0.0.38/blog/XSS-By-Breachlock.html; the XSS payload is executed here (see Image2.png).
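Mitigation sketch for the "keyword" parameter, as an added example that is not No-CMS source code or part of the original advisory. It assumes the stored value is echoed into an HTML attribute such as a meta keywords tag (the advisory does not name the sink); all function names are hypothetical.

```php
<?php
// Added example: hypothetical template helpers, not code from No-CMS.
// Assumption: the stored "keyword" value is written into an HTML attribute.

// Vulnerable pattern: the stored value is concatenated into the attribute
// unchanged, so a double quote in the value ends the attribute early.
function render_keywords_unsafe(string $keyword): string
{
    return '<meta name="keywords" content="' . $keyword . '">';
}

// Hardened pattern: encode at output time for the attribute context.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function render_keywords_safe(string $keyword): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<meta name="keywords" content="'
        . htmlspecialchars($keyword, $flags, 'UTF-8') . '">';
}

// Defence in depth on input: accept only letters, digits, spaces, commas,
// underscores and hyphens, up to 255 characters. Output encoding above is
// still required, because data stored before this check existed is untrusted.
function is_valid_keywords(string $keyword): bool
{
    return preg_match('/^[\p{L}\p{N} ,_-]{1,255}$/u', $keyword) === 1;
}

// The payload quoted in the advisory, used here as test input.
$stored = '"><svg/onload=alert("XSS_By_Breachlock")>';

// Input check rejects the payload and accepts an ordinary keyword list.
var_dump(is_valid_keywords($stored));
var_dump(is_valid_keywords('security, php, cms'));

// Printed on the command line so the two renderings can be compared:
// the unsafe one contains a live <svg> element, the safe one only entities.
echo render_keywords_unsafe($stored), PHP_EOL;
echo render_keywords_safe($stored), PHP_EOL;
```

The same encoding applies wherever the keyword is displayed, including admin list views, since the stored value is rendered to every visitor of the published article.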