Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Valid

Reported on

May 7th 2021


✍️ Description

Fork CMS is vulnerable to stored cross-site scripting through the media library: the title given to an uploaded image when it is edited is stored and later rendered back into the back-end overview without being escaped, so HTML and JavaScript placed in the title execute in the browser of whoever loads that page.

🕵️‍♂️ Proof of Concept

  1. With an authenticated user, access http://localhost/private/en/media_library/media_item_index.
  2. Click on New media.
  3. Upload any image and then click on Back to overview.
  4. With the image uploaded, click on edit over it.
  5. Set the title as <img src onerror=alert()> and then click on Save.
  6. Repeat steps 1 to 3 with any image. Immediately after the upload, when the overview is rendered again, the stored title is injected into the page and the alert pops up.
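To show why the procedure above works and what the fix looks like, here is an added example that is not code from the Fork CMS project. It uses two hypothetical overview templates: one that interpolates the stored title raw (the defect class described in this report) and one that encodes it at the output sink. A small check based on Python's own HTML parser then answers the question a tester wants answered: did the title stay text, or did it become an element with an event handler? The template markup and the check are assumptions for illustration, not the CMS's real templates.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the title an attacker saves in step 5 of the PoC.
# The empty src forces the image to fail to load, which fires onerror.
PAYLOAD = '<img src onerror=alert()>'


def render_overview_vulnerable(title: str) -> str:
    """Hypothetical overview fragment that drops the stored title in raw.

    This is the pattern behind the report, not Fork CMS's actual template.
    """
    return f'<li class="media-item"><span class="title">{title}</span></li>'


def render_overview_fixed(title: str) -> str:
    """Same hypothetical fragment with HTML entity encoding at the sink.

    html.escape turns < > & " ' into entities, so the title can only ever be
    displayed as text, never parsed as markup.
    """
    return (
        '<li class="media-item"><span class="title">'
        f'{html.escape(title, quote=True)}'
        '</span></li>'
    )


class TagCollector(HTMLParser):
    """Record every start tag the browser would build from a fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[tuple[str, dict]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def injected_handlers(rendered: str) -> list[tuple[str, str]]:
    """Return (tag, attribute) pairs for any on* event handler in the fragment.

    The template itself never emits event-handler attributes, so any hit means
    untrusted data escaped the text context and became executable markup.
    """
    parser = TagCollector()
    parser.feed(rendered)
    parser.close()
    return [
        (tag, name)
        for tag, attrs in parser.tags
        for name in attrs
        if name.startswith('on')
    ]


def is_vulnerable(render, title: str = PAYLOAD) -> bool:
    """Render the title through the given template and report whether it
    produced an event handler the attacker controls."""
    return bool(injected_handlers(render(title)))


if __name__ == '__main__':
    for name, render in (('raw', render_overview_vulnerable),
                         ('escaped', render_overview_fixed)):
        print(f'{name:8} vulnerable={is_vulnerable(render)}  '
              f'output={render(PAYLOAD)}')
```

The same check can be pointed at a real response: fetch the overview HTML after saving the payload title, pass it to `injected_handlers`, and a non-empty result confirms the stored title is reaching the page unencoded. A benign title such as `holiday.jpg` yields no handlers through either template, which is the behaviour the fix must preserve.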

PoC video.

💥 Impact

Any authenticated user with access to the media library can store a title containing arbitrary JavaScript. Because the payload is persisted and rendered in the back-end overview, it runs in the browser of any back-end user who loads that page, in the context of their session.