
Flatpress - 1.2.1 - Reflected XSS on page parameter

Open s4n-h4xor opened this issue 2 years ago • 1 comments

Severity: Medium

Description: Cross-site scripting (XSS) vulnerabilities arise when an attacker sends malicious code to the victim's browser, mostly using JavaScript. A vulnerable web application might embed untrusted data in the output, without filtering or encoding it. In this way, an attacker can inject a malicious script into the application, and the script will be returned in the response. This will then run on the victim's browser. It is observed that the page parameter does not sanitize input properly which leads to reflected XSS attacks.

Technical Impact: It is possible to steal or manipulate customer sessions and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter the blog.

Suggested Remediation:

  1. Application should encode data on output.
  2. Application should filter input on page parameters.

Steps to Reproduce:

  1. Log in to the application.

  2. Enter the below payload in the URL and observe the XSS payload getting executed. Payload: http://server/flatpress/admin.php?p=static&action=write&page=%22onfocus%3d%22alert%28document.cookie%29%22autofocus%3d%22zr4da

Opening issue here; got no reply from [[email protected]] for 2 months.

s4n-h4xor avatar Sep 28 '22 01:09 s4n-h4xor
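
The two suggested remediations from the report, sketched in PHP as an added example (this is not FlatPress code and not the change made in 0a7ad2c). The function names, the input-field markup and the slug allow-list are assumptions made for illustration.

```php
<?php
// Added example, not FlatPress code. Function names, the <input> markup and
// the allow-list pattern are hypothetical.

// Vulnerable pattern: the raw parameter is concatenated into a quoted
// attribute, so a double quote in the value closes the attribute and the
// rest of the value is parsed as new attributes.
function render_page_field_unsafe(string $page): string
{
    return '<input type="text" name="page" value="' . $page . '">';
}

// Remediation 1: encode on output for the HTML attribute context.
// ENT_QUOTES encodes both " and ', ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_page_field(string $page): string
{
    $encoded = htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="page" value="' . $encoded . '">';
}

// Remediation 2: filter input. Assumed rule: a page id is a short slug.
// Returns null when the value does not match, so the caller can reject it.
function filter_page_id(string $raw): ?string
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw) === 1 ? $raw : null;
}

// Constructed input: the URL-decoded value of the page parameter from the
// reproduction step above.
$page = rawurldecode('%22onfocus%3d%22alert%28document.cookie%29%22autofocus%3d%22zr4da');

echo render_page_field_unsafe($page), PHP_EOL; // attribute boundary is broken
echo render_page_field($page), PHP_EOL;        // quotes arrive as &quot;
var_dump(filter_page_id($page));               // rejected by the allow-list
var_dump(filter_page_id('about-us'));          // accepted slug
```

Output encoding is the control that closes the hole; the allow-list is defence in depth and only works if every code path that reads the parameter goes through it.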

Confirmed. Sorry for being late!

azett avatar Oct 02 '22 12:10 azett

Hello all,

laborix has created a solution in the forum.

With best regards Frank

Fraenkiman avatar Nov 30 '22 21:11 Fraenkiman

Fixed with 0a7ad2c, thank you very much for reporting!

azett avatar Dec 17 '22 13:12 azett