Reflected XSS in forkcms/forkcms

Valid

Reported on

Mar 11th 2022


Description

The Privacy Consent settings in ForkCMS (v5.11.0) accept unsanitized user input, resulting in reflected XSS.

Proof of Concept

Endpoint

  1. http://IP/private/en/settings/index

Steps

  1. Log in to ForkCMS
  2. Go to Settings -> General
  3. Insert the payload in the "Technical Name" input in the "Privacy Consent" panel

Payload

  1. "><script>alert("reflected-xss")</script>

POC pic

  1. xss-trigger

  2. technical-name

Impact

This vulnerability allows malicious JavaScript code to execute in the web page.
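The payload's leading `">` closes an attribute value and its tag, which is how a field value echoed without encoding ends up parsed as markup. As an added example (not ForkCMS code and not the merged fix), the PHP below shows that pattern beside attribute-context output encoding and an input allow-list; the function names, the field name `technical_name` and the allowed identifier format are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical renderer for a settings text field; this is not ForkCMS code.
// Vulnerable form: the submitted value is concatenated into value=""
// without encoding, so a double quote in the input ends the attribute.
function renderFieldUnsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encode for the HTML attribute context. ENT_QUOTES covers both quote
// characters; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
// an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened form: every dynamic value is encoded at the point of output.
function renderFieldSafe(string $name, string $value): string
{
    return '<input type="text" name="' . e($name) . '" value="' . e($value) . '">';
}

// Input-side check for an identifier-like field. The permitted character
// set and length are an assumed format, not taken from ForkCMS.
function isValidTechnicalName(string $value): bool
{
    return preg_match('/\A[a-z0-9_-]{1,64}\z/i', $value) === 1;
}

// Payload string as given in the report above.
$payload = '"><script>alert("reflected-xss")</script>';

// Unsafe output: the <script> element appears as live markup.
echo renderFieldUnsafe('technical_name', $payload), PHP_EOL;

// Safe output: quotes and angle brackets are emitted as entities, so the
// whole payload stays inside the value attribute as inert text.
echo renderFieldSafe('technical_name', $payload), PHP_EOL;

// Validation rejects the payload and accepts a constructed sample name.
var_dump(isValidTechnicalName($payload));
var_dump(isValidTechnicalName('analytics_cookies'));
```

Output encoding is the control that closes the hole; the allow-list only narrows what can be stored and should not be relied on alone.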

We are processing your report and will contact the forkcms team within 24 hours. 3 months ago
We have contacted a member of the forkcms team and are waiting to hear back 3 months ago
We have sent a follow up to the forkcms team. We will try again in 7 days. 2 months ago
din modified the report
2 months ago
din
2 months ago

Researcher


Hi team. Any update on this?

We have sent a second follow up to the forkcms team. We will try again in 10 days. 2 months ago
Jelmer Prins modified the report
2 months ago
Jelmer Prins validated this vulnerability 2 months ago
din has been awarded the disclosure bounty
The fix bounty is now up for grabs
din
2 months ago

Researcher


Thanks for validating this.

We have sent a fix follow up to the forkcms team. We will try again in 7 days. 2 months ago
Jelmer Prins confirmed that a fix has been merged on 8e8760 2 months ago
Jelmer Prins has been awarded the fix bounty