Giters

sromanhu / -CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options

Evolution CMS 3.2.3 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload in the installation/options process.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Evolution CMS Reflected XSS v3.2.3

Author: (Sergio)

Description: Multiple Cross-site scripting (XSS) reflected vulnerabilities in the evolution v.3.2.3 installation process Admin options allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters.

Attack Vectors: A vulnerability in the sanitization of the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters of the Database installation Admin options process allows JavaScript code to be injected.

POC:

During the installation process we enter the XSS payload in the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters and when we click on next, we will obtain the XSS pop-up.

XSS Payload:

'"><svg/onload=alert('admin_name')>

In the following image you can see the embedded code that executes the payload in the installation process.

XSS Payload Name

XSS Payload email

XSS Payload password y password confirm

And the result will be reflected with the pop-up of the following evidence:

XSS result Name

XSS result emailpng

XSS result password

XSS result password confirm


Additional Information:

https://evo.im/

About

Evolution CMS 3.2.3 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload in the installation/options process.