Authenticated Stored Cross-Site Scripting (XSS) in pluck-cms/pluck
Reported on
Mar 13th 2023
Description
Log in to the admin account. Use the following URL (http://192.168.0.211/admin.php?action=files) or navigate to pages -> manage files.
Upload the XSS payload with a “.html” extension.
Intercept the request with Burp Suite.
Modify the Content-Type to application/x-php and forward the request.
The file is uploaded successfully.
View the sample.html file with the lens icon next to the filename; the uploaded file should be stored at (http://192.168.0.211/file/sample.html).
Observe that the XSS payload executes successfully.
Admin credentials are required to upload this file. Once the file is uploaded, it can be accessed even without logging in.
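A defender-side check for the upload path described above, added here as an example; it is not code from pluck or from its 4.7.16 fix (the report does not say how the issue was fixed). It ignores the client-supplied Content-Type, accepts only extensions a browser will not render, compares the leading bytes against assumed file signatures, and delivers files from /file/ as downloads with sniffing disabled.

```python
import re

# Extensions the file manager accepts. Anything a browser renders as markup or
# script (html, htm, xhtml, svg, xml, js) is deliberately absent, so the
# "sample.html" from the report is rejected whatever headers the client sends.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "gif", "zip", "txt"}

# Leading bytes each binary type must start with (assumed signatures).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8", "pdf": b"%PDF-", "zip": b"PK\x03\x04",
}

# Markup that would run if a stored "text" file were ever sniffed as HTML.
HTML_MARKERS = re.compile(rb"<\s*(script|html|body|svg|iframe|img|object)\b", re.I)


def validate_upload(filename: str, content: bytes, client_content_type: str) -> tuple:
    """Return (accepted, reason) for a file offered to the manage-files page.
    client_content_type is taken only to make explicit that it is ignored: the
    report changes it in Burp Suite to application/x-php and the upload still
    succeeds, so the header carries no trust and must not drive the decision."""
    del client_content_type
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not re.fullmatch(r"[A-Za-z0-9_-][A-Za-z0-9._-]*", name):
        return False, "filename contains characters outside the safe set"
    parts = name.lower().split(".")
    if len(parts) < 2:
        return False, "no extension"
    # Every dotted component after the base name must be allowed, so
    # "sample.html.txt" and "shell.php.png" fail, not only "sample.html".
    for ext in parts[1:]:
        if ext not in ALLOWED_EXTENSIONS:
            return False, f"extension .{ext} is not allowed"
    ext = parts[-1]
    if ext in MAGIC and not content.startswith(MAGIC[ext]):
        return False, f"content does not start like a {ext} file"
    if ext == "txt" and HTML_MARKERS.search(content):
        return False, "text file contains HTML markup"
    return True, "ok"


def serve_headers(name: str) -> dict:
    """Headers for delivering a stored file from /file/: force a download and
    forbid MIME sniffing so nothing in that directory renders as a page."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{name}"',
        "X-Content-Type-Options": "nosniff",
    }
```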
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user: cookie theft leading to session hijacking, an XSS keylogger (able to log keystrokes), arbitrary requests made on the user's behalf, and redirection of the user to a malicious site.
Note: This vulnerability has already been reported to the development team concerned, and they fixed the issue in 4.7.16. Requesting a CVE for this finding.
For confirmation, please check the release notes of PluckCMS 4.7.16.