Vendor: Content Management System
Author: Zhayi (Zeo)
CVSS: 4.3 (MEDIUM)
Vulnerability Type: Stored XSS
CWE: 79
Product Name: Content Management System
Affected Version From: Version 1
Affected Version To: Version 1
Patch Exists: NO
Related CWE: N/A
CPE: //a:sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WINDOWS 10
2020

Content Management System 1.0 – ‘First Name’ Stored XSS

A stored XSS vulnerability exists in Content Management System 1.0: an attacker can inject JavaScript into the 'First Name' field of the user profile. After logging in with any valid user credentials, clicking the logged-in username in the header and selecting Manage Account, the attacker can set the user's First Name to malicious JavaScript. Upon updating the profile, the XSS is triggered, and the domain name is displayed whenever the user logs in again.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the 'First Name' field.
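One way to apply that mitigation, as an added PHP example that is not the CMS's own code: the header rendering in its vulnerable form beside an output-encoded form, plus a server-side allow-list check for the Manage Account form. The function names and the allow-list rule are assumptions of this example.

```php
<?php
// Added example (not the CMS's own code): handling the 'First Name' value
// on the way in (validation) and on the way out (output encoding).

declare(strict_types=1);

// Vulnerable pattern: the stored value is echoed into the header as-is,
// so a name containing markup becomes live HTML in every page that shows it.
function render_header_unsafe(string $firstName): string
{
    return '<span class="user">Welcome, ' . $firstName . '</span>';
}

// Hardened pattern: HTML-encode at the point of output, so the stored bytes
// are displayed literally and the browser never parses them as a tag.
function render_header_safe(string $firstName): string
{
    $encoded = htmlspecialchars(
        $firstName,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<span class="user">Welcome, ' . $encoded . '</span>';
}

// Server-side validation for the Manage Account form (assumed rule):
// letters from any script, combining marks, spaces, apostrophes and hyphens,
// 1 to 50 characters. Anything else is rejected before it reaches the database.
function validate_first_name(string $firstName): bool
{
    $name = trim($firstName);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 50) {
        return false;
    }
    return preg_match('/^[\p{L}\p{M}\' \-]+$/u', $name) === 1;
}

// Constructed input: the payload quoted in the advisory above.
$payload = '<script>alert(document.domain)</script>';

echo render_header_unsafe($payload), PHP_EOL; // markup reaches the browser intact
echo render_header_safe($payload), PHP_EOL;   // markup is neutralised into entities
var_dump(validate_first_name($payload));      // payload fails the allow-list check
var_dump(validate_first_name("Zoë O'Brien")); // an ordinary name passes it
```

Output encoding is the control that actually stops the stored payload from executing; the allow-list check is defence in depth and must not be relied on alone, since the same value may later be rendered in other contexts.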

Exploit-DB raw data:

# Exploit Title: Content Management System 1.0 - 'First Name' Stored XSS
# Exploit Author: Zhayi (Zeo)
# Date: 2020-12-14
# Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14625&title=Content+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Tested on: WINDOWS 10

Step 1: Log in to the CMS with any valid user credentials.
Step 2: Click on the logged-in username in the header and select Manage Account.
Step 3: Rename the user First Name to
"<script>alert(document.domain)</script>".
Step 4: Update Profile and this will trigger the XSS.
Step 5: Logout and login again and the page will display the domain name.