Giters

sromanhu / CVE-2023-43874-e107-CMS-Stored-XSS---MetaCustomTags

e107 2.3.2 is affected by a Multiple Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Copyright and Author field in the Meta & Custom Tags Menu.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

e107 CMS Stored XSS v2.3.2

Author: (Sergio)

Description: Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.

Attack Vectors: Scripting A vulnerability in the sanitization of the entry in the Copyright and Author fields of "Meta & Custom Tags Menu" allows injecting JavaScript code that will be executed when the user accesses the web page.

POC:

When logging into the panel, we will go to the "Meta & Custom Tags Menu." section off General Menu.

XSS Payload

We edit that Settings that we have created and see that we can inject arbitrary Javascript code in the Copyright and Author fields.

XSS Payload:

'"><svg/onload=alert('Copyright')>

XSS Payload:

'"><svg/onload=alert('Author')>

In the following image you can see the embedded code that executes the payload in the main web.

XSS Result Copyright

XSS Result Author


Additional Information:

https://e107.org/

https://owasp.org/Top10/es/A03_2021-Injection/

https://owasp.org/www-community/attacks/xss/

About

e107 2.3.2 is affected by a Multiple Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Copyright and Author field in the Meta & Custom Tags Menu.