Lucene search

K
huntrChristynorlCF59DEED-9D43-4552-ACFD-43F38F3AABBA
HistoryDec 24, 2022 - 3:28 p.m.

Stored XSS in the module named "Website settings"

2022-12-2415:28:11
christynorl
www.huntr.dev
8

0.001 Low

EPSS

Percentile

21.0%

Description

Our engineer found security problems when testing our website. And I have tested the demo website you provided. I found that there is indeed an xss vulnerability. I hope you can check and provide a fix as soon as possible.Thanks.

\\

The reason for the vulnerability is that you have used blacklists in /src/MicroweberPackages/Helper/XSSClean.php for filtering, but the blacklists are not perfect.And there are still events that can be used, such as ‘onbeforeinput’.

Video link

link

https://drive.google.com/file/d/1gHXwqgI_uyIlMD45OhjopLFf5Gz9LovY/view?usp=share_link

Steps

1.Login as administrator.

2.Click the ‘Settings’ module.

3.Click and go into section named ‘E-mail’ or ‘General’.

4.Enter the following value in the input box of the page.

xss"onbeforeinput="alert(1)"

This vulnerability lies in module ‘Settings’ of the administrator interface. All contents of module ‘Website settings’, including ‘General’,
‘E-mail’,‘Advanced’ have this xss vulnerability.

0.001 Low

EPSS

Percentile

21.0%

Related for CF59DEED-9D43-4552-ACFD-43F38F3AABBA