cms icon indicating copy to clipboard operation
cms copied to clipboard
verified publisher icon liufee

FeehiCMS version 2.1.1 - Cross Site Scripting (XSS) in id parameter of Banner Update function

Open kiwi865 opened this issue 3 months ago • 0 comments

[Cross Site Scripting (XSS) in id parameter of Banner Update function]

Severity Score: Medium

CVSS Score: 7.6 High, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Description

There is a XSS vulnerability in id parameter of Banner Update function, allows authenticated backend user to visit the vulnerable URL and executes the malicious JavaScript.

Impact

Malicious JavaScript can be executed which will impact the confidentiality and integrity of the backend users, backend configuration and records.

POC

Login as a backend user. Navigate to the link below, the JavaScript will be executed. http://localhost:8081/admin/index.php?r=banner%2Fupdate&id=25%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E

Image Image

Remediation

  1. Strict Input Validation - Accept only valid formats for id (numeric or UUID).
  2. Context-Aware Output Encoding - Encode the id value before rendering into HTML.

kiwi865 avatar Oct 02 '25 18:10 kiwi865