sromanhu / CVE-2023-41436-CSZ-CMS-Stored-XSS---Pages-Content

CSZ CMS 1.3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Additional Meta Tag parameter in the Pages Content Menu.

CSZ CMS Stored XSS v1.3.0

Author: (Sergio)

CVE: 2023-41436

Description: Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.

Attack Vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CVSS3 Score: 5.4 - MEDIUM


POC:

After logging into the panel, we go to the "Pages Content" section of the General Menu (http://localhost/cszcms/admin/pages).

We edit the content of /home and see that we can inject arbitrary JavaScript code into the Additional Meta Tag field.

XSS Payload:

<img src=1 onerror=alert("1")

In the following image you can see the embedded code that executes the payload on the main /home page with the admin user:

If we log in with another user, the payload also executes:

It can also be verified using other payloads, as in the following evidence:

Or this other one:

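
Mitigation sketch, added here as an example (it is not CSZ CMS code or the author's): treat the Additional Meta Tag value as untrusted data, keep only `<meta>` elements with allow-listed attributes, and rebuild them with escaped values before rendering. The names `sanitize_meta` and `ALLOWED_ATTRS` and the allow-list itself are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for this sketch. http-equiv is left out on purpose:
# <meta http-equiv="refresh"> can send visitors to another URL.
ALLOWED_ATTRS = ("name", "property", "content", "charset")


class _MetaCollector(HTMLParser):
    """Collects <meta> elements and records everything else as rejected."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.clean, self.rejected = [], []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            self.rejected.append(tag)  # e.g. img, script, svg
            return
        kept = []
        for key, value in attrs:
            if key in ALLOWED_ATTRS:
                # Re-encode the value so it cannot close the attribute.
                kept.append(f'{key}="{escape(value or "", quote=True)}"')
            else:
                self.rejected.append(f"meta@{key}")  # e.g. event handlers
        if kept:
            self.clean.append("<meta " + " ".join(kept) + ">")

    def handle_data(self, data):
        if data.strip():
            self.rejected.append("text")  # stray text or unparsed markup


def sanitize_meta(raw):
    """Return (safe_html, rejected) for an Additional Meta Tag value."""
    parser = _MetaCollector()
    parser.feed(raw)
    parser.close()
    return "\n".join(parser.clean), parser.rejected


if __name__ == "__main__":
    # Constructed input: one legitimate tag plus a closed form of the payload.
    sample = '<meta name="description" content="Home">\n<img src=1 onerror=alert("1")>'
    safe, rejected = sanitize_meta(sample)
    print(safe)
    print(rejected)
```

A non-empty `rejected` list is a useful signal to log or to refuse the save outright instead of silently stripping.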


Additional Information:

http://cszcms.com

https://owasp.org/Top10/es/A03_2021-Injection/

https://owasp.org/www-community/attacks/xss/
