huntr 18A74A9D-4A2D-4BF8-AE62-56A909427070

Stored XSS in Title

2023-06-28 03:50:56
scgajge12
www.huntr.dev

EPSS: 0.001 Low, Percentile: 23.3%

Description

Spina’s admin screen has a stored XSS in the page title.

By embedding arbitrary JavaScript code in the function of Paguri, arbitrary scripts can be executed in the browser of the administrator user who accessed the page when that user deletes the page.

Proof of Concept

Step 1. Access the admin screen and open a new page.
Step 2. Specify the following payload in the title of the page and save it.
Step 3. Any embedded script (alert) will be executed on the confirmation screen when deleting a saved page.

Payload

'"&gt;<img src>

Parameter

page[en_content_attributes][0][title]

Privilege required for attack

Users who can log in to the administrator screen and edit pages

PoC Video

https://drive.google.com/file/d/1daQkxox9Y_U4pveMv24daeWUfA9u_vte/view?usp=sharing
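
Regression check for the fix side of this report, as an added example (not code from the report or from Spina): it renders a delete-confirmation fragment with the stored title raw and escaped, then lists any tags that came from the title. The templates, `render_confirmation` and `injected_tags` are hypothetical names, and the title is the payload as shown above.

```ruby
require "erb"

# Constructed sample: the stored title, using the payload as shown on this page.
STORED_TITLE = %q('"><img src>)

# Hypothetical confirmation-dialog templates; these are NOT Spina's actual views.
# Stdlib ERB does not escape <%= %> output, so this mirrors a view that emits
# the title raw (for example through raw/html_safe in a Rails view).
UNSAFE_TEMPLATE = ERB.new(<<~HTML)
  <div class="modal" data-title="<%= title %>">
    <p>Are you sure you want to delete <strong><%= title %></strong>?</p>
  </div>
HTML

# Same fragment with the title HTML-escaped in both the attribute and text context.
SAFE_TEMPLATE = ERB.new(<<~HTML)
  <div class="modal" data-title="<%= ERB::Util.html_escape(title) %>">
    <p>Are you sure you want to delete <strong><%= ERB::Util.html_escape(title) %></strong>?</p>
  </div>
HTML

# Render one of the templates with a user-controlled page title.
def render_confirmation(template, title)
  template.result_with_hash(title: title)
end

# Tag names the templates themselves are allowed to emit.
ALLOWED_TAGS = %w[div p strong].freeze

# Returns opening-tag names found in the rendered HTML that the template did
# not define, i.e. markup that can only have come from the stored title.
def injected_tags(html)
  html.scan(/<\s*([a-zA-Z][a-zA-Z0-9]*)/).flatten.map(&:downcase).uniq - ALLOWED_TAGS
end

if __FILE__ == $PROGRAM_NAME
  { "unsafe" => UNSAFE_TEMPLATE, "safe" => SAFE_TEMPLATE }.each do |name, tpl|
    puts "#{name}: injected tags = #{injected_tags(render_confirmation(tpl, STORED_TITLE)).inspect}"
  end
end
```

The same assertion can run as a view or system test against the real delete-confirmation markup, with the allowed-tag list adjusted to that view.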
