CSZ CMS is an open source web application for managing all content and settings on websites. (https://www.cszcms.com/)
Vulnerability Title: Store-XSS-Vulnerability-in-cszcms
Affected Version: V1.3.0
Discovery time: 2023.11.16
Discovered by: t34t
Analysis Report:
(A) vulnerability verification process
Vulnerability environment: windows+apache+php7+mysql
The source code is downloaded from the official website:
https://www.cszcms.com/product/download
Then follow the prompts to install.
Vulnerability details:
In the administration backend, the Additional Meta Tag field of the website configuration is not strictly filtered, so a user can insert svg tags that execute code, resulting in a stored XSS vulnerability.
Page address: http://localhost/CSZCMS-V1.3.0/admin/settings/
The Additional Meta Tag section is filled with the attack vector:
<svg><animate onbegin=alert(1) attributeName=x dur=1s>
Then, when the homepage is visited, the JS code alert(1) is executed.
Patch Program: Strict filtering of user input in Meta Tag
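One way to implement the strict filtering suggested above, as an added example that is not CSZ CMS code: parse the submitted value and re-emit only meta elements with allowlisted attributes. The helper name sanitize_meta_tags() and the attribute allowlist are assumptions made for illustration.

```php
<?php
// Added example: allowlist filter for the "Additional Meta Tag" setting.
// sanitize_meta_tags() is a hypothetical helper, not part of CSZ CMS.

// http-equiv is deliberately left out: http-equiv="refresh" can redirect visitors.
const ALLOWED_META_ATTRS = ['name', 'property', 'content', 'charset'];

function sanitize_meta_tags(string $input): string
{
    if (trim($input) === '') {
        return '';
    }
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // unknown tags raise parser warnings
    // The XML prolog makes libxml decode the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $input . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $out = [];
    // Only <meta> elements are rebuilt; svg, script and everything else is dropped.
    foreach ($doc->getElementsByTagName('meta') as $meta) {
        $attrs = [];
        foreach ($meta->attributes as $attr) {
            $name = strtolower($attr->nodeName);
            if (in_array($name, ALLOWED_META_ATTRS, true)) {
                // Re-encode the decoded value so it cannot break out of the attribute.
                $value   = htmlspecialchars($attr->nodeValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $attrs[] = $name . '="' . $value . '"';
            }
        }
        if ($attrs) {
            $out[] = '<meta ' . implode(' ', $attrs) . '>';
        }
    }
    return implode("\n", $out);
}

// Constructed sample input: one legitimate tag followed by the vector quoted in this report.
$sample = '<meta name="author" content="Example Site">'
        . '<svg><animate onbegin=alert(1) attributeName=x dur=1s>';
echo sanitize_meta_tags($sample), "\n";
```

Applying the filter when the setting is saved and again when the value is written into the page head also covers values stored before the fix.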
CVE-2023-6303 cnvd? It's so inefficient