CMSimple 5.2 – ‘External’ Stored XSS

  • Author: Quadron Research Lab
    Date: 2021-04-08
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49751/
  • # Exploit Title: CMSimple 5.2 - 'External' Stored XSS
    # Date: 2021/04/07
    # Exploit Author: Quadron Research Lab
    # Version: CMSimple 5.2
    # Tested on: Windows 10 x64 HUN/ENG Professional
    # Vendor: https://www.cmsimple.org/en/
    
    [Description]
    CMSimple 5.2 allows stored XSS via the Settings > CMS > Filebrowser > "External:" input field.
    
    [Attack Vectors]
    The CMSimple CMS "Filebrowser" "External:" input field does not filter special characters, so it is possible to place JavaScript code in it.
    The JavaScript code placed here is executed when the Page or Files tab is clicked.
    
    [Proof of Concept]
    https://github.com/Quadron-Research-Lab/CVE/blob/main/CMSimple_5.2_XSS.pdf
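
The stored-setting flaw described above, shown as an added defensive sketch that is not CMSimple source code and not part of the original advisory: the unencoded render pattern beside output encoding and an allow-list check at save time. The function names, the `external` field markup, the assumption that the value lands in an HTML attribute, and the assumption that the setting only needs a short identifier-like name are all hypothetical.

```php
<?php
// Added illustration; not CMSimple source. All names are hypothetical.

// Vulnerable pattern: the stored setting is concatenated into markup as-is,
// so any markup saved in the field becomes part of the admin page.
function render_setting_unsafe(string $stored): string
{
    return '<input type="text" name="external" value="' . $stored . '">';
}

// Hardened output: encode for the HTML context at render time, so a value
// that was stored before the fix is also neutralised.
function render_setting_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="external" value="' . $encoded . '">';
}

// Hardened input: allow-list check before the value is saved.
// Assumption: the setting only needs a short identifier-like name.
function validate_setting(string $submitted): ?string
{
    $value = trim($submitted);
    return preg_match('/\A[A-Za-z0-9_-]{0,64}\z/', $value) === 1 ? $value : null;
}

// Constructed sample values (not taken from the advisory's PoC).
$samples = ['myfilebrowser', '"><script>alert(1)</script>'];

foreach ($samples as $s) {
    echo 'submitted : ', $s, PHP_EOL;
    echo 'validated : ', var_export(validate_setting($s), true), PHP_EOL;
    echo 'unsafe    : ', render_setting_unsafe($s), PHP_EOL;
    echo 'safe      : ', render_setting_safe($s), PHP_EOL, PHP_EOL;
}
```

Encoding at output is the control that closes the stored XSS; the input check is defence in depth and only fits if the field's legitimate values match the assumed pattern.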