LightCMS 1.3.4 - (exclusive) Stored XSS Vulnerability

ID 1337DAY-ID-35868
Type zdt
Reporter zdt
Modified 2021-02-26T00:00:00


                                            # Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS
# Exploit Author: Peithon
# Vendor Homepage:
# Software Link:
# Version: 1.3.4
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE: CVE-2021-3355

An issue was discovered in LightCMS v1.3.4.( There is a stored-self XSS, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.

--------------------------Proof of Concept-----------------------

1. Log in to the background.

2. Navigate to System -> `/admin/SensitiveWords/create` & add the below-shared payload as the exclusive field value. Payload - </span><img src=1 onerror=alert(1) /><span>

3. Visit page `/admin/SensitiveWords`, the payload will be triggered.

# [2021-09-10]  #