Submission #427091: Umbraco Umbraco CMS Version 12.3.6 Cross Site Scripting (Info)

Title: Umbraco Umbraco CMS Version 12.3.6 Cross Site Scripting

Description: While saving and previewing the content, the 'culture' parameter in the file path /umbraco/preview/frame?id{}&culture=en-US is vulnerable to stored cross site scripting.

Attack vector(s):
1. Log in to the Umbraco dashboard with a user who has the privilege to edit the website content.
2. Navigate to the Content tab and click any one of the entries in the Content tab.
3. Click on "Save and preview," and a request will pass with the file path /umbraco/preview/frame?id{}&culture=en-US. Take the request to repeater.
4. Enter the payload "%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e" in the culture parameter; it will redirect to the location "../../{id}?culture="><script>alert(document.domain)</script>" with the 301 status code. Simply follow the redirection.
5. The redirected request will send our payload, and in the response we can see the executed payload.

Source: https://owasp.org/www-community/attacks/xss/

User: kushkira (UID 60170)

Submission: 2024-10-20 10:19 AM (1 year ago)

Moderation: 2024-11-03 08:39 AM (14 days later)

Status: Accepted

VulDB entry: 282930 [Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1 Dashboard frame?id{} culture cross site scripting]

Points: 20
