Submission #154501: Sucms v1.0 web application contains a stored XSS vulnerability

Title: Sucms v1.0 web application contains a stored XSS vulnerability

Description:

Overview: The Sucms v1.0 web application contains a stored XSS vulnerability in the admin_ads.php?action=add page. An attacker can inject malicious XSS payloads that are stored on the server and later executed in the context of an unsuspecting victim's browser.

Impact: An attacker can exploit this vulnerability to steal sensitive user information, such as session cookies, login credentials, or personal data. The attacker can also use the vulnerability to perform other malicious actions, such as redirecting users to phishing pages or delivering malware payloads.

Solution: The vulnerability can be temporarily mitigated by adding input validation and output encoding to filter out malicious XSS payloads. However, a permanent fix requires a code update that addresses the underlying vulnerability in the application.

Affected versions: Sucms v1.0 is affected by this vulnerability. In /upload/admin/admin_ads.php, no regular expression filtering is applied to the $intro parameter, while the adname and adenname parameters are filtered. An attacker can exploit this by adding malicious XSS payloads to the intro parameter of the request, resulting in successful XSS injection.
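The description names the two defensive layers a fix needs: validation of the unfiltered `intro` field on input, and encoding of the stored value on output. The following PHP is an added example written for this page; it is not Sucms code and does not reproduce the project's admin_ads.php. The field names `adname` and `intro` come from the advisory; the helper names, the length limit and the sample record are assumptions constructed for illustration.

```php
<?php
// Added example (not Sucms code): defensive handling of the `intro` field
// described in the advisory. Two layers: validate on input, encode on output.

declare(strict_types=1);

/**
 * Input validation for the ad description. The policy here is assumed for
 * illustration: a length cap, valid UTF-8, and no control characters other
 * than tab, newline and carriage return.
 */
function validate_intro(string $intro): bool
{
    $maxLength = 500; // constructed limit
    if (strlen($intro) > $maxLength) {
        return false;
    }
    if (!mb_check_encoding($intro, 'UTF-8')) {
        return false;
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $intro) === 1) {
        return false;
    }
    return true;
}

/**
 * Output encoding: the control that actually stops stored XSS. Every time a
 * stored value is placed into an HTML text node or a quoted attribute, it is
 * escaped for that context. ENT_QUOTES covers both quote characters so the
 * same helper is safe inside double- or single-quoted attributes.
 */
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Render one listing row with every stored field encoded. The markup is a
 * hypothetical stand-in for whatever the real admin listing emits.
 */
function render_ad_row(string $adname, string $intro): string
{
    return '<tr><td>' . encode_for_html($adname) . '</td><td>'
         . encode_for_html($intro) . '</td></tr>';
}

// Constructed sample record containing characters that are significant in HTML.
$sample = [
    'adname' => 'Banner 1',
    'intro'  => 'Summer sale <b>50% off</b> & "free" shipping',
];

if (!validate_intro($sample['intro'])) {
    fwrite(STDERR, "rejected intro\n");
    exit(1);
}

// The <, >, & and " characters in `intro` are emitted as entities, so the
// browser displays them as text rather than interpreting them as markup.
echo render_ad_row($sample['adname'], $sample['intro']), PHP_EOL;
```

The advisory notes that `adname` and `adenname` are regex-filtered while `$intro` is not; the example deliberately does not try to recognise payloads with a regular expression, because input filtering is a secondary control that is routinely bypassed. Encoding at the point of output, in the context where the value is rendered, is what makes the stored value inert regardless of what was accepted on input.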
Source: https://github.com/Upgradeextension/Sucms-v1.0/blob/main/README.md

User: komorebi (UID 40027)

Submitted: 2023-05-10 05:25 (3 years ago)

Moderated: 2023-05-17 18:40 (8 days later)

Status: Accepted

VulDB entry: 229274 [Sucms 1.0 admin_ads.php?action=add intro cross site scripting]

Points: 20
