Cross-site scripting - DOM via view file function in microweber/microweber

Valid

Reported on

Apr 28th 2022


Description

In Modules -> Files, clicking a file opens a popup and appends a `select-file=` fragment to the URL. The value of this fragment is taken from the URL and reflected into the page without sanitization, which leads to DOM-based XSS.

Proof of Concept

http://localhost/microweber/admin/view:modules/load_module:files#select-file=http://google.com.vn%3Cimg%20src%3dx%20onerror%3d%22alert(window.origin)%22%20x=/%3E

PoC image

Impact

This vulnerability allows arbitrary JavaScript to be executed in the victim's browser, which can be used to steal the user's cookies, perform HTTP requests, read the content of same-origin pages, etc.
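The pattern behind this report is a URL fragment value flowing into the DOM as markup. The following is an added example, not Microweber's code: it simulates a `#select-file=` handler that concatenates the fragment value into HTML (the vulnerable shape), next to a hardened version that parses the value as a URL, accepts only same-origin http(s) locations, and escapes it for the attribute context. The function names, the same-origin policy for accepted file URLs and the sample fragment are assumptions made for the example.

```javascript
// Added example (not the project's own code). Models the two ways a
// "#select-file=<value>" fragment can be handled: unsafely concatenated
// into HTML, or validated and escaped first. Runs under Node (no DOM).

// Constructed sample fragment mirroring the report's PoC shape; the
// "file" value carries an <img onerror> payload instead of a URL.
const SAMPLE_HASH =
  '#select-file=http://google.com.vn%3Cimg%20src%3dx%20onerror%3d%22alert(1)%22%3E';

// Parse the select-file value out of a location.hash string.
// URLSearchParams percent-decodes, so the payload comes back as raw markup.
function getSelectedFileFromHash(hash) {
  const frag = hash.startsWith('#') ? hash.slice(1) : hash;
  return new URLSearchParams(frag).get('select-file');
}

// VULNERABLE shape: the untrusted value is concatenated straight into
// markup. In a browser this string would be assigned to innerHTML, so any
// tags inside the fragment become live DOM and their event handlers run.
function renderPreviewUnsafe(fileUrl) {
  return '<img src="' + fileUrl + '">';
}

// Hardened shape, step 1: accept only http(s) URLs on the expected origin
// (assumption: the file picker only ever shows files hosted by the site).
function isAllowedFileUrl(fileUrl, origin) {
  let u;
  try {
    u = new URL(fileUrl, origin); // throws on hosts containing <, ", space...
  } catch (e) {
    return false;
  }
  const httpScheme = u.protocol === 'http:' || u.protocol === 'https:';
  return httpScheme && u.origin === origin;
}

// Hardened shape, step 2: escape for the HTML attribute context. In a real
// page prefer document.createElement('img') and img.src = href instead of
// building markup strings at all; string building is used here so the
// example runs outside a browser.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function renderPreviewSafe(fileUrl, origin) {
  if (!isAllowedFileUrl(fileUrl, origin)) return null; // reject, do not render
  const href = new URL(fileUrl, origin).href; // normalized, percent-encoded
  return '<img src="' + escapeHtml(href) + '">';
}

// Run both handlers over the constructed fragment and return the results.
function demo(origin = 'http://localhost') {
  const value = getSelectedFileFromHash(SAMPLE_HASH);
  return {
    value,
    unsafe: renderPreviewUnsafe(value),
    safe: renderPreviewSafe(value, origin),
  };
}

console.log(demo());
```

The unsafe handler returns markup containing the injected `onerror` attribute, while the hardened handler returns `null` for the same input because the value is not a parseable same-origin http(s) URL; a legitimate relative path such as `/userfiles/media/pic.png` still renders. Rejecting and logging invalid fragment values is a useful detection signal, since a benign file picker never produces them.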

We are processing your report and will contact the microweber team within 24 hours. a month ago
Nhien.IT modified the report
a month ago
Nhien.IT modified the report
a month ago
We have contacted a member of the microweber team and are waiting to hear back a month ago
Peter Ivanov modified the Severity from High to Low a month ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Peter Ivanov validated this vulnerability a month ago
Nhien.IT has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Peter Ivanov confirmed that a fix has been merged on bd419c a month ago
Peter Ivanov has been awarded the fix bounty
Nhien.IT
a month ago

Researcher


Hi @maintainer,

Has this vulnerability been assigned a CVE ID?

Nhien.IT
a month ago

Researcher


Hi @admin,

Can I have a CVE for this report?

Jamie Slome
25 days ago

Admin


Typically, we won't assign CVEs to reports that have such a low security impact - however, if the maintainer is happy to assign and publish one, we can.

@maintainer - are you happy for a CVE to be assigned and published for this report?

Nhien.IT
25 days ago

Researcher


Hi @admin @maintainer,

There's unfairness here, because another report in microweber with the same attack vector was marked high severity and got a bounty and a CVE, but mine was not :). I am so sorry, because I don't understand.

You can see at https://huntr.dev/bounties/d9f9b5bd-16f3-4eaa-9e36-d4958b557687/

Please consider this for me.

  • https://huntr.dev/bounties/eb8160a2-7984-42f1-aa30-bda60e1c6be7/
  • https://huntr.dev/bounties/95793a5a-7b81-4967-9730-a6667f129d26/