Cross-site Scripting (XSS) - Stored in microweber/microweber
Mar 9th 2022
Type parameter in the body of POST request triggered by add/edit tax in microweb are vulnerable to stored XSS.
(1) Settings > Taxes > Tax type
Proof of Concept
Step (1): Access https://demo.microweber.org/?template=dream
Step (2): Browse to Settings > Taxes > Tax type
Step (3): Add or Edit current tax and input legitimate value so as to capture legitimate request
Step (4): Modify the value of type parameter in the POST request body with below example, which is URL encoded:
Step (5): Forward the request after modification
An attack controlled alert box will be prompted whenever a user access this page, i.e. (Settings > Taxes > Tax type)
If an attacker can control a script that is executed in the victim's browser, they might compromise that user, in this case, an admin, by stealing its cookies.