Sitefinity 15.0 - Cross-Site Scripting (XSS)

vendor:

Sitefinity CMS

by:

Aldi Saputra Wahyudi

4.1

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name: Sitefinity CMS

Affected Version From: Version 0.0.1

Affected Version To: Version 15.0.0

Patch Exists: NO

Related CWE: CVE-2023-27636

CPE: a:progress:sitefinity_cms:14.9.3

Metasploit:

Other Scripts:

Platforms Tested: Windows, Linux

2023

Sitefinity 15.0 – Cross-Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.

Mitigation:

To mitigate this vulnerability, it is recommended to update Sitefinity CMS to version 15.0.0 or later. Additionally, input validation mechanisms should be implemented to filter out any potentially malicious scripts.

Source

Exploit-DB raw data:

# Exploit Title: Sitefinity 15.0 - Cross-Site Scripting (XSS)
# Date: 2023-12-05
# Exploit Author: Aldi Saputra Wahyudi
# Vendor Homepage: https://www.progress.com/sitefinity-cms
# Version: < 15.0.0
# Tested on: Windows/Linux
# CVE : CVE-2023-27636

# Description: In the backend of the Sitefinity CMS, a Cross-site scripting vulnerability has been discovered in all features that use SF-Editor

# Steps To Reproduce:

Attacker as lower privilege
Victim as Higher privilege

1. Login as an Attacker
2. Go to the function using the SF Editor, go to the news page as example
3. Create or Edit news item
4. On the content form, insert the XSS payload as HTML
5. After the payload is inserted, click on the content form (just click) and publish or save
6. If the victim visits the page with XSS payload, XSS will be triggered

Payload: <noalert><iframe src="javascript:alert(document.domain);">