subrion icon indicating copy to clipboard operation
subrion copied to clipboard

Published 20 hours ago verified publisher icon intelliants

Stored Xss Vulnerability through Iframe Injection on subrion CMS ver 4.0.3

Open viperbluff opened this issue 4 years ago • 0 comments

Hello

I have found stored cross site scripting bug in subrion CMS version 4.0.3 in the Create Page functionality of the admin Account.

Steps to Reproduce:

  1. Go to https://demos.subrion.org/?demo=core&admin=1
  2. As an admin Create a page
  3. In the Add a Page section go to the page content block and select IFRAME from the toolbar
  4. In the IFRAME box give URL as javascript:prompt("xss")
  5. Click on Add button at the bottom , a page will be created
  6. Search for the Page using the Name and click on search
  7. Xss prompt box will pop up

Impact: Session cookies can be stolen , user can be redirected to phishing pages , browser of the user visiting this page can be controlled etc.

POC's have been uploaded.

stored_xss_subrion_cms_4 stored_xss_subrion_cms_1 stored_xss_subrion_cms_2 stored_xss_subrion_cms_3

Fix: Please sanitize the input taken from the user before directly storing the input at the backend.

viperbluff avatar Dec 27 '20 11:12 viperbluff