Stored XSS via Upload Photos in album in instantsoft/icms2

Valid

Reported on

Aug 9th 2023


Description

The application does not check the extension or the content of uploaded files. As a result, an attacker can upload a malicious file that leads to XSS.

Proof of Concept

Video POC: https://drive.google.com/file/d/1QZSCvgrmdXaZb7xoD-eA0iLlL7vDPKYw/view?usp=sharing

Payload

<img src=x onerror=alert("XSS")>

Impact

Through this vulnerability, an attacker is able to execute malicious scripts.
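
The two checks the description says are missing, as an added example (not icms2 code and not the project's fix in commit 7a7e57): a PHP upload validator that allowlists the extension and requires the file content to match it, run over constructed sample uploads. The function name, the allowlist and the sample file names are assumptions made for illustration.

```php
<?php
// Added example; names below are hypothetical, not icms2 code.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png',  'gif'  => 'image/gif'];

// Returns [accepted, reason] for one upload (client file name + temp path).
function validate_photo_upload(string $clientName, string $tmpPath): array
{
    // 1. The extension must be on the allowlist (case-insensitive).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return [false, "extension '$ext' is not allowed"];
    }
    // 2. The sniffed content type must match what the extension claims.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return [false, "content is '$mime', expected '" . ALLOWED[$ext] . "'"];
    }
    // 3. The header must parse as an image with real dimensions.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[0] < 1 || $info[1] < 1) {
        return [false, 'image header does not parse'];
    }
    // Header checks do not prove the rest of the file is clean: re-encode the
    // image and store it under a server-generated name as further layers.
    return [true, $mime];
}

// Constructed sample uploads: a 1x1 GIF and the payload text from the report.
$gif     = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$payload = '<img src=x onerror=alert("XSS")>';
$samples = [
    ['photo.gif',  $gif],      // genuine image: accepted
    ['photo.html', $payload],  // rejected at step 1
    ['photo.gif',  $payload],  // image name, markup content: rejected at step 2
    ['photo.GIF',  $gif],      // upper-case extension still matches the allowlist
];
foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    [$ok, $why] = validate_photo_upload($name, $tmp);
    printf("%-10s %s (%s)\n", $name, $ok ? 'ACCEPT' : 'REJECT', $why);
    unlink($tmp);
}
```

The script needs PHP's fileinfo extension for `finfo`; on accepted files the returned MIME type is the value to send as `Content-Type`, together with `X-Content-Type-Options: nosniff`.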

We are processing your report and will contact the instantsoft/icms2 team within 24 hours. a month ago
We have contacted a member of the instantsoft/icms2 team and are waiting to hear back a month ago
instantsoft/icms2 maintainer validated this vulnerability a month ago
Chiencp has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
instantsoft/icms2 maintainer gave praise a month ago
Thank you!
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Chiencp
a month ago

Researcher


My pleasure! Would it be possible to assign a CVE? Thank you!

instantsoft/icms2 maintainer marked this as fixed in 2.16.1-git with commit 7a7e57 a month ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Aug 31st 2023
instantsoft/icms2 maintainer published this vulnerability 22 days ago