Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Valid

Reported on

Feb 20th 2022


Description

Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Proof of Concept

Steps to Reproduce:-
=> Install the WebApp and Setup it
=> Login in to webAPP using Admin Creds. 
=> Navigate to "http://localhost/MineWebCMS-1.15.2/admin/navbar"
=> Add/Edit a Link Select "Drop-Down Menu"
=> "Link Name" and "URL" Both Input are Vulnerable to Exploit Simple XSS 
=>  Payload : <script>alert(1);</script>
=> XSS will trigger on "http://localhost/MineWebCMS-1.15.2/" Aka WebApp HOME Page

Note : As you can see this simple payload working in those two inputs as normally . Whole WebApp Admin Input Structure is allow to do HTML Injection or XSS Injection 

Here i attach two ScreenShot for Easy UnderStand

Impact

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.

References

We are processing your report and will contact the mineweb/minewebcms team within 24 hours. 3 months ago
We have contacted a member of the mineweb/minewebcms team and are waiting to hear back 3 months ago
We have sent a follow up to the mineweb/minewebcms team. We will try again in 7 days. 3 months ago
We have sent a second follow up to the mineweb/minewebcms team. We will try again in 10 days. 3 months ago
nivcoo validated this vulnerability 3 months ago
AggressiveUser has been awarded the disclosure bounty
The fix bounty is now up for grabs
AggressiveUser
3 months ago

Researcher


@admin @maintainer can you assign CVE ID if it’s possible for this report

nivcoo confirmed that a fix has been merged on 06ce52 3 months ago
nivcoo has been awarded the fix bounty
Jamie Slome
3 months ago

Admin


Sure, we can help you out with this. Firstly, we do require the go-ahead from the maintainer before we publish the CVE.

@maintainer - are you happy for us to assign and publish a CVE for this report?

nivcoo
2 months ago

Maintainer


Sorry for the late, i did'nt see the message, yes you can

AggressiveUser
2 months ago

Researcher


@admin please assign one

Jamie Slome
2 months ago

Admin


Sorted! 🍰

to join this conversation