| Title | xunruicms 4.7.1 xss |
|---|---|
| Description | XunRuiCMS version 4.7.1 and earlier is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the JSONP callback parameter. The vulnerability exists in the dr_show_error() function (lines 272-276) and dr_exit_msg() function (lines 296-300) located in /dayrui/Fcms/Init.php. When processing JSONP requests, the application retrieves the 'callback' parameter directly from $_GET['callback'] and echoes it to the HTTP response without any input validation, output encoding, or sanitization. This allows a remote unauthenticated attacker to inject arbitrary JavaScript code by crafting a malicious URL such as `http://[target]/index.php?s=api&c=api&m=test&callback=alert(document.cookie)//`. When a victim clicks on this malicious link, the injected JavaScript code executes in the context of the victim's browser session, potentially leading to session hijacking, credential theft, or other malicious actions. The vulnerability can be exploited without authentication and only requires user interaction (clicking a malicious link). Note that the _jsonp() method in /dayrui/Fcms/Core/Phpcmf.php correctly uses dr_safe_replace() for callback sanitization, but the global functions dr_show_error() and dr_exit_msg() in Init.php do not implement the same protection, creating an inconsistent security posture. |
| Source | https://note-hxlab.wetolink.com/share/gbCf35DJ3los |
| User | yu22x (UID 34832) |
| Submission | 16/12/2025 04:15 AM (4 months ago) |
| Moderation | 27/12/2025 12:26 PM (11 days later) |
| Status | Approved |
| VulDB Entry | 338522 [dayrui XunRuiCMS up to 4.7.1 JSONP Callback /dayrui/Fcms/Init.php dr_show_error/dr_exit_msg callback Cross Site Scripting] |
| Points | 19 |
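As an added example, not code from XunRuiCMS or from the submitter: a PHP helper showing the allow-list check that the report says dr_show_error() and dr_exit_msg() lack before echoing the callback. The function names, the identifier regex and the length limit are assumptions; the project's own dr_safe_replace() is not reproduced here.

```php
<?php
// Added example (not XunRuiCMS code): strict allow-listing of a JSONP callback name.
// The report describes Init.php echoing $_GET['callback'] unmodified; this helper
// shows the validation a hardened dr_show_error()/dr_exit_msg() would apply first.

/**
 * Return the callback name if it is a plain JavaScript identifier path
 * (e.g. "cb", "jQuery123", "app.handlers.onData"), otherwise null.
 * Parentheses, quotes, comment markers and whitespace are all rejected,
 * so a reflected value such as "alert(document.cookie)//" never reaches the response.
 */
function safe_jsonp_callback(?string $raw): ?string
{
    if ($raw === null || $raw === '' || strlen($raw) > 64) { // 64 is an assumed limit
        return null;
    }
    return preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $raw) === 1
        ? $raw
        : null;
}

/**
 * Build the JSONP response body. Unknown or unsafe callbacks fall back to
 * plain JSON instead of reflecting attacker-controlled input. The JSON_HEX_*
 * flags keep "<", ">", "&" and quotes escaped inside the payload as well.
 */
function jsonp_body(array $data, ?string $rawCallback): string
{
    $json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    $cb = safe_jsonp_callback($rawCallback);
    return $cb === null ? $json : sprintf('/**/%s(%s);', $cb, $json);
}

// Demo with the reflected value quoted in the report and a legitimate callback name.
if (PHP_SAPI === 'cli') {
    $payload = ['code' => 1, 'msg' => 'error'];
    foreach (['alert(document.cookie)//', 'jQuery_cb'] as $cb) {
        // In a web context the body must also be sent as application/javascript with
        // X-Content-Type-Options: nosniff; that header handling is omitted on the CLI.
        printf("%-28s => %s\n", $cb, jsonp_body($payload, $cb));
    }
}
```

The first input is rejected and the endpoint answers with bare JSON; the second is wrapped as `/**/jQuery_cb({...});`, the leading comment defeating content-sniffing tricks that treat the response as another file type.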