Cross-site Scripting (XSS) - Stored in forkcms/forkcms
May 7th 2021
forkcms is vulnerable to XSS through image name editing.
🕵️‍♂️ Proof of Concept
- With an authenticated user, access
- Click on
- Upload any image and then click on Back to overview.
- With the image uploaded, click on
- Set the title as <img src onerror=alert()> and then click on
- Repeat steps 1 and 2 for any image. Immediately after the upload, it will pop up an alert.
Users that have access to this functionality can execute arbitrary JS code.
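
The flaw class behind this report and its fix, as an added illustration that is not taken from the Fork CMS code base: a stored title concatenated into markup as-is, next to the same row encoded at output time. The function names, the row layout and the sample items are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored media items (not Fork CMS's schema).
$items = [
    ['id' => 1, 'title' => 'Team photo 2021'],
    ['id' => 2, 'title' => '<img src onerror=alert()>'], // title value from the report
    ['id' => 3, 'title' => 'Logo "dark" & light'],
];

// Vulnerable pattern: the stored title is concatenated into markup unchanged,
// so the browser parses it as a new element and runs its onerror handler.
function renderRowUnsafe(array $item): string
{
    return '<li data-id="' . $item['id'] . '" title="' . $item['title'] . '">'
        . $item['title'] . '</li>';
}

// Encode for HTML at output time. ENT_QUOTES covers both quote styles, so the
// helper is also safe inside quoted attributes; ENT_SUBSTITUTE avoids an empty
// result when the stored value contains invalid UTF-8.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderRowSafe(array $item): string
{
    return '<li data-id="' . (int) $item['id'] . '" title="' . e($item['title']) . '">'
        . e($item['title']) . '</li>';
}

// Audit heuristic: flag titles that were already stored with markup in them,
// so existing rows can be reviewed once the output path is fixed.
function looksLikeMarkup(string $title): bool
{
    return $title !== strip_tags($title);
}

foreach ($items as $item) {
    echo renderRowSafe($item), PHP_EOL;
    if (looksLikeMarkup($item['title'])) {
        echo "  review stored title of item {$item['id']}", PHP_EOL;
    }
}
```

Because the value is stored, fixing the edit form alone leaves existing rows dangerous; encoding where the title is written into the page covers both old and new data.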