CVE-2023-48940 in DaiCuo
Summary
by MITRE • 12/06/2023
A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Analysis
by VulDB Data Team • 03/02/2026
The stored cross-site scripting vulnerability identified as CVE-2023-48940 affects DaiCuo v2.5.15 and represents a critical security flaw in the administrative interface of this content management system. This vulnerability exists within the /admin.php file and allows attackers to inject malicious scripts that persist in the application's database, making it a stored XSS variant rather than a reflected or DOM-based vulnerability. The flaw enables unauthorized individuals to execute arbitrary web scripts or HTML code in the browsers of other users who visit the compromised pages. The vulnerability's impact is particularly severe because it operates within the administrative panel, potentially providing attackers with elevated privileges and access to sensitive administrative functions.
The technical implementation of this vulnerability stems from inadequate input validation and output sanitization within the DaiCuo administrative interface. When administrators or users submit data through the /admin.php endpoint, the application fails to properly sanitize user-supplied input before storing it in the database. This allows attackers to embed malicious JavaScript code within form fields, text areas, or other input mechanisms that are subsequently rendered back to users without proper HTML escaping or encoding. The stored nature of this vulnerability means that the malicious payload remains persistent in the system, executing every time the affected page is accessed by any user with sufficient privileges to view the compromised content. This characteristic aligns with CWE-79, which specifically addresses cross-site scripting vulnerabilities and their various forms, including stored XSS attacks.
The operational impact of CVE-2023-48940 extends beyond simple script execution and can lead to severe consequences including session hijacking, privilege escalation, data theft, and complete system compromise. Attackers can leverage this vulnerability to steal administrator session cookies, execute commands on behalf of privileged users, modify or delete critical system data, and potentially establish backdoors for persistent access. The vulnerability creates a persistent threat vector that can be exploited by attackers who gain access to the application's administrative interface, potentially leading to full system compromise. According to ATT&CK framework category T1566, this vulnerability represents a technique for initial access through malicious input, while T1059 demonstrates how attackers can use command and scripting interpreters to execute malicious code. The stored nature of the vulnerability also enables more sophisticated attack chains where attackers can first establish persistence through the XSS payload before executing additional malicious activities.
Organizations using DaiCuo v2.5.15 should immediately implement mitigations including input validation and output encoding for all user-supplied data within administrative interfaces. The most effective immediate solution involves implementing proper HTML escaping and sanitization of all content before storage and rendering, ensuring that any potentially malicious scripts are neutralized before being stored in the database. Additionally, implementing Content Security Policy headers can provide an additional layer of protection by restricting script execution within the application context. Regular security audits and input validation testing should be conducted to identify similar vulnerabilities in other parts of the application. The vulnerability also underscores the importance of keeping all software components updated and patched, as this issue specifically affects version 2.5.15 and likely other versions of the DaiCuo platform. Organizations should also consider implementing web application firewalls and monitoring for suspicious input patterns that might indicate attempted exploitation of similar vulnerabilities. The remediation process should include thorough testing to ensure that the applied fixes do not break existing functionality while effectively neutralizing the XSS threat vector.
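The output-encoding and Content Security Policy mitigations described above, as an added PHP example. It is not DaiCuo's code; the `title` field, the function names and the sample record are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape a stored value for HTML text or quoted-attribute context at render time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// "Before" form: the stored value is concatenated into the page unescaped,
// so any markup saved in the database becomes part of the admin page.
function render_row_unsafe(array $record): string
{
    return '<tr><td>' . $record['title'] . '</td>'
         . '<td><input name="title" value="' . $record['title'] . '"></td></tr>';
}

// Hardened form: every stored value passes through e() in both contexts.
function render_row(array $record): string
{
    return '<tr><td>' . e($record['title']) . '</td>'
         . '<td><input name="title" value="' . e($record['title']) . '"></td></tr>';
}

// CSP that only runs scripts carrying this response's nonce; injected inline
// scripts and event-handler attributes are blocked by the browser.
function csp_header(string $nonce): string
{
    return "Content-Security-Policy: default-src 'self'; "
         . "script-src 'nonce-{$nonce}'; object-src 'none'; base-uri 'none'";
}

// Constructed sample record: harmless markup standing in for stored input.
$stored = ['title' => '"><i>markup</i>'];

$nonce = base64_encode(random_bytes(16));
if (PHP_SAPI !== 'cli') {
    header(csp_header($nonce)); // must be sent before any output
}

echo "unsafe:   ", render_row_unsafe($stored), PHP_EOL;
echo "hardened: ", render_row($stored), PHP_EOL;
```

Escaping at render time covers records that were stored before any input filter existed, which input validation alone does not.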