Giters

sromanhu / CVE-2023-44767_RiteCMS-File-Upload--XSS---Filemanager

RiteCMS 3.0 is affected by File Upload - XSS vulnerability that allows attackers to upload a PDF file with a hidden XSS that when executed will launch the XSS pop-up

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

RiteCMS 3.0 File Upload - XSS

Author: (Sergio)

Description: File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a svg file with XSS content.

Attack Vectors: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

POC:

We create an svg file with the following content:

<svg
onload="alert('xss attach')"
 xmlns="http://www.w3.org/2000/svg">
</svg>

When logging into the panel, we will go to the "Filemanager" section off Administration Menu and click on Upload file.

File Upload XSS fichero subido

Here we see the svg file uploaded correctly:

File Upload XSS fichero subido 2

Then we open the file and the XSS pop-up appears

File Upload XSS result


Additional Information:

https://github.com/handylulu/RiteCMS/

About

RiteCMS 3.0 is affected by File Upload - XSS vulnerability that allows attackers to upload a PDF file with a hidden XSS that when executed will launch the XSS pop-up