Description: Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
Attack Vectors: Scripting A vulnerability in the sanitization of the entry in the Copyright and Author fields of "Meta & Custom Tags Menu" allows injecting JavaScript code that will be executed when the user accesses the web page.
When logging into the panel, we will go to the "Meta & Custom Tags Menu." section off General Menu.
We edit that Settings that we have created and see that we can inject arbitrary Javascript code in the Copyright and Author fields.
'"><svg/onload=alert('Copyright')>
'"><svg/onload=alert('Author')>
In the following image you can see the embedded code that executes the payload in the main web.