LightCMS 1.3.4 – ‘exclusive’ Stored XSS – Digitalmunition





Published on February 28th, 2021


# Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS
# Date: 25/02/2021
# Exploit Author: Peithon
# Vendor Homepage: https://github.com/eddy8/LightCMS
# Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4
# Version: 1.3.4
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE: CVE-2021-3355

An issue was discovered in LightCMS v1.3.4 (https://github.com/eddy8/LightCMS/issues/18). There is a stored self-XSS that allows an attacker to execute HTML or JavaScript code through a vulnerable Title field at /admin/SensitiveWords.

--------------------------Proof of Concept-----------------------

1. Log in to the admin backend.

2. Navigate to System -> `/admin/SensitiveWords/create` & add the below-shared payload as the exclusive field value. Payload - 

3. Visit the page `/admin/SensitiveWords`; the payload will be triggered.
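
A defensive sketch of the fix class for this issue, added here and not taken from LightCMS or the advisory: the stored `exclusive` value is HTML-encoded when the list row is built, and a small audit flags rows that would carry unexpected markup. The record shape, row layout and function names are assumptions, and the sample records are constructed with benign markup.

```javascript
// Added illustration, not LightCMS code. 'exclusive' is the field named in
// the advisory; the record shape and the <tr>/<td> layout are assumptions.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored value is concatenated into markup, so any tags it
// contains are parsed by the browser when the list page is viewed.
function renderRowUnsafe(record) {
  return `<tr><td>${record.id}</td><td>${record.exclusive}</td></tr>`;
}

// "After": every stored field is encoded at output time.
function renderRowSafe(record) {
  return `<tr><td>${escapeHtml(record.id)}</td><td>${escapeHtml(record.exclusive)}</td></tr>`;
}

// True if the rendered row contains any element other than the tr/td
// wrappers the template itself emits.
function rowHasInjectedMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((tag) => !/^<\/?(tr|td)$/i.test(tag));
}

// Regression-style audit: ids of records whose rendered row carries markup
// that came from stored data rather than from the template.
function auditRows(records, render) {
  return records.filter((r) => rowHasInjectedMarkup(render(r))).map((r) => r.id);
}

// Constructed sample records (benign markup only).
const SAMPLE_RECORDS = [
  { id: 1, exclusive: 'plainword' },
  { id: 2, exclusive: '<b data-x="1">marker</b> & more' },
];

console.log('unsafe renderer flags ids:', auditRows(SAMPLE_RECORDS, renderRowUnsafe));
console.log('safe renderer flags ids:  ', auditRows(SAMPLE_RECORDS, renderRowSafe));
```

The same audit can run as a unit test against whatever function or template builds the `/admin/SensitiveWords` list, so a later change that drops the encoding is caught before release.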
            
