Rite CMS v3.0 Multiple Stored XSS

Author: (Sergio)

Description: Rite CMS 3.0 is affected by a Multiple Cross-Site scripting (XSS) stored vulnerability that allows attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. The payload will be executed on the main page independent of the user's session, so accessing the home web with another user will also execute the payload.

Attack Vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

POC:

When logging into the panel, we will go to the "Administration - Home" section or we create a new page and add the payloads.

We edit the body configuration where we add the XSS payloads. As there are several fields and only the output of the alert changes, I indicate the payload one of them:

XSS Payload:

'"><svg/onload=alert('Description')>

In the following images you can see the embedded code that executes the payload in the main web. As there are several sections, I show them separately:

CONTENT:

We click on Edit:

Result:

PROPERTIES:

Result:

SIDEBAR:

Result:

About

RiteCMS 3.0 is affected by a Multiple Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Home settings page in the Administration Menu