There is a stored xss vulnerability exists in DoraCMS #255

Open
afeng2016-s opened this issue Feb 19, 2022 · 0 comments
[Suggested description]
There is a storage XSS vulnerability in the background /admin/contentTemp module of the DoraCMS system. When a user accesses the index.html and 404.html pages, a JS pop-up is triggered.

[Vulnerability Type]
Storage XSS vulnerability

[Vendor of Product]
https://github.com/doramart/DoraCMS

[Affected Product Code Base]
DoraCMS v2.1.8

[Attack Type]
Remote

[Impact Code execution]
true

[Vulnerability proof]
Step 1: log in to DoraCMS and visit the admin/contentTemp page at URL: http://127.0.0.1:8080/admin/contentTemp. As can be seen from the figure below, the templates are pages frequently visited by users, such as 404.html and index.html.
image

Step 2: enter the JS code <script>alert(1)</script> in the template, as shown in the following figure.
image

image

Step 3: after saving the changes, visit 404.html and index.html to trigger the JS code execution pop-up window.
image
image
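
A heuristic audit a defender could run whenever a template is saved, as an added example (not DoraCMS code and not part of the original report): it reports script-capable constructs that appear in the new template source but were absent from the previous version, so the change can be logged or held for review. The function names and the sample templates are constructed for illustration; regex matching of HTML is an approximation, not a sanitizer.

```javascript
// Added example, not DoraCMS code. Names and samples are hypothetical.
// Patterns for constructs that can run script when the template is rendered.
const PATTERNS = [
  { kind: 'script-element', re: /<\s*script\b[^>]*>/gi },
  { kind: 'event-handler', re: /<[^>]*\s(on[a-z]+)\s*=/gi }, // counted once per tag
  { kind: 'javascript-url', re: /(?:href|src|action)\s*=\s*["']?\s*javascript:/gi },
];

// Count occurrences of each pattern kind in one template source.
function findings(source) {
  const counts = new Map();
  for (const { kind, re } of PATTERNS) {
    const n = (source.match(re) || []).length;
    if (n > 0) counts.set(kind, n);
  }
  return counts;
}

// Compare the stored template with the submitted one and return only what
// the edit introduced; scripts already present before the edit are ignored.
function auditTemplateChange(name, oldSrc, newSrc) {
  const before = findings(oldSrc);
  const added = [];
  for (const [kind, n] of findings(newSrc)) {
    const delta = n - (before.get(kind) || 0);
    if (delta > 0) added.push({ template: name, kind, added: delta });
  }
  return added;
}

// Constructed sample: a 404 template before and after the edit from Step 2.
const OLD_404 =
  '<html><head><script src="/static/app.js"></script></head>' +
  '<body><h1>404</h1></body></html>';
const NEW_404 = OLD_404.replace('</body>', '<script>alert(1)</script></body>');

for (const f of auditTemplateChange('404.html', OLD_404, NEW_404)) {
  console.log(`template=${f.template} new ${f.kind} x${f.added}: hold for review`);
}
```
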
