Vendor: Coastercms
Author: Hardik Solanki
CVSS: 8.8 (HIGH)
CWE: 79 (Stored XSS)
Product Name: Coastercms
Affected Version From: 5.8.18
Affected Version To: 5.8.18
Patch Exists: NO
Related CWE: N/A
CPE: a:coastercms:coastercms:5.8.18
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
Year: 2020

Coastercms 5.8.18 – Stored XSS

Coastercms 5.8.18 is vulnerable to stored XSS: an attacker with access to the admin panel can inject JavaScript into the page content through the “Edit Page” tab. The payload is saved to the database and executes in the browser of every user who later visits the affected page, where it can be used to steal that user’s session cookie, redirect them to a malicious website, and so on.

Mitigation:

Input validation should be used to prevent XSS attacks: the application should validate all user input and reject any input that contains malicious code. Because page content is rendered as HTML, rejecting input on its own is not enough; stored content should be sanitized against an allowlist of permitted tags and attributes, and any user-controlled text should be HTML-encoded when it is output.
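To make the mitigation concrete, here is an allowlist sanitizer for stored page content, written as an added example in Python (it is not CoasterCMS code, which is PHP). It keeps the formatting tags a page editor legitimately needs, such as the `<h1>test</h1>` payload from the advisory, while dropping `<script>` blocks, event-handler attributes and `javascript:` links. The tag and attribute sets are assumptions chosen for the demonstration.

```python
"""Allowlist HTML sanitizer for CMS page content (added example, not CoasterCMS code)."""
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for the demonstration; a real CMS would tune this to its editor.
ALLOWED_TAGS = {"h1", "h2", "p", "a", "strong", "em", "ul", "li", "br"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
SAFE_HREF_PREFIXES = ("http://", "https://", "/")


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # > 0 while inside <script> or <style>, whose text is dropped

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            if tag in ("script", "style"):
                self.skip += 1
            return  # unknown tag is removed; its text content is kept (escaped)
        safe = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick, onerror, style and every other attribute
            value = value or ""
            if name == "href" and not value.strip().lower().startswith(SAFE_HREF_PREFIXES):
                continue  # drops javascript: and data: URLs
            safe.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text can never open a tag


def sanitize(fragment: str) -> str:
    """Return a version of the submitted HTML that only contains allowlisted markup."""
    parser = _Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

Running `sanitize("<h1>test</h1><script>alert(123)</script>")` keeps the heading and removes the script block entirely, so the stored value can be rendered without triggering the payload.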

Exploit-DB raw data:

# Exploit Title: Coastercms 5.8.18 - Stored XSS
# Exploit Author: Hardik Solanki
# Vendor Homepage: https://www.coastercms.org/
# Software Link: https://www.coastercms.org/
# Version: 5.8.18
# Tested on Windows 10

XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website

Vulnerable Parameters: Edit Page tab

Steps to reproduce:
1: Navigate to "http://localhost/admin/login" and log in with
admin credentials.
2: After logging in, navigate to "Page --> Homepage --> Our Blog" and
click on the edit page.
3: Then add the payload "<script>alert(123)</script>" & payload
"<h1>test</h1>", and click on the update button. Saved successfully.
4: Now, click on "View live page" and it will redirect you to the live page
at "http://localhost/homepage/blog"; the XSS will be stored and
trigger on the main home page.