Vendor: Xoops CMS
By: tmrswrr
CVSS: 7.5 (HIGH)
CWE: 79 (Stored Cross-Site Scripting (XSS))
Product Name: Xoops CMS
Affected Version From: 2.5.10
Affected Version To: 2.5.10
Patch Exists: NO
Related CWE:
CPE: a:xoops:xoops:2.5.10
Platforms Tested:
2023
Xoops CMS 2.5.10 – Stored Cross-Site Scripting (XSS) (Authenticated)
This exploit allows an authenticated user to inject arbitrary HTML or JavaScript into the Xoops CMS admin panel. By placing a malicious payload in the Category Name field of the Image Manager, an attacker can carry out a stored XSS attack: the value is saved and later rendered back in the admin panel without being neutralised. The payload '<script>alert(1)</script>' is used as an example.
Mitigation:
To mitigate this vulnerability, sanitize user input and apply proper output encoding (HTML-entity encoding of the Category Name wherever it is rendered) so that stored values cannot execute as script. Additionally, user roles and permissions should be managed carefully so that access to the Image Manager and other sensitive functionality is limited to trusted accounts.