Cross-site Scripting (XSS) - Reflected in admidio/admidio

Valid

Reported on

Dec 5th 2021


Description

The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Using javascript: throws an error in parsing the url. But I bypassed it using javascript://%0A.

Proof of Concept

1. Open the https://www.admidio.org/demo_en/adm_program/system/redirect.php?url=javascript://%250aalert(document.domain)
2. If you click the `here`, you can see that occur a xss!

Impact

Through this vulnerability, an attacker is capable to execute malicious scripts.

We are processing your report and will contact the admidio team within 24 hours. 2 months ago
We have contacted a member of the admidio team and are waiting to hear back 2 months ago
Markus Faßbender validated this vulnerability 2 months ago
Pocas has been awarded the disclosure bounty
The fix bounty is now up for grabs
Pocas
2 months ago

Researcher


https://www.cvedetails.com/vulnerability-list/vendor_id-8817/Admidio.html
https://cve.report/software/admidio/admidio

Hello. I've seen multiple CVEs exist for this commercial open source at the URL above. So, when the vulnerabilities I discovered are patched, I would like to receive my first CVE.

Markus Faßbender confirmed that a fix has been merged on 470f53 2 months ago
Markus Faßbender has been awarded the fix bounty
Markus
2 months ago

Maintainer


Thank you for discovering that vulnerability!

Jamie Slome
2 months ago

Admin


@fasse - the researcher for this (@wjddnjs33) has requested a CVE for this report. Are you happy for a CVE to be assigned and published for this?

Let me know! 👍

Markus
2 months ago

Maintainer


There is an CVE here: https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh

Pocas
2 months ago

Researcher


omg I got the my second CVE.. Thank you!

Pocas
2 months ago

Researcher


Hello Markus Faßbender, Can you please update the CVE for this report?

Jamie Slome
2 months ago

Admin


Sorted! 👍