This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,700 With Us For: 233 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: CMSimple 5.2 - 'External' Stored XSS # Date: 2021/04/07 # Exploit Author: Quadron Research Lab # Version: CMSimple 5.2 # Tested on: Windows 10 x64 HUN/ENG Professional # Vendor: https://www.cmsimple.org/en/ [Description] The CMSimple 5.2 allow stored XSS via the Settings > CMS > Filebrowser > "External:" input field. [Attack Vectors] The CMSimple cms "Filebrowser" "External:" input field not filter special chars. It is possible to place JavaScript code. The JavaScript code placed here is executed by clicking on the Page or Files tab. [Proof of Concept] https://github.com/Quadron-Research-Lab/CVE/blob/main/CMSimple_5.2_XSS.pdf Link to comment Share on other sites More sharing options...
Recommended Posts