CVE-2021-46084: A stored XSS vulnerability exists in uscat. · Issue #2 · chenniqing/uscat
uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the “close registration information” input box.
[Suggested description]
A Cross Site Scripting (XSS) vulnerability exists in uscat via a Google search in url: http://localhost:9105/admin/basic.action, then enter the registration setting page in the background of the system, and enter the malicious XSS code in the “close registration information” input box. The malicious code will be executed at URL: http://localhost:9105/forum/user_info/register.action; any user who enters this URL will be affected.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/chenniqing/uscat
[Affected Product Code Base]
*
[Affected Component]
POST /register_setting/save.json HTTP/1.1
Host: localhost:9105
Content-Length: 89
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:9105
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:9105/register_setting/edit.action
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: JSESSIONID=955307B507B1FD2D9AE8E69C6EABFB75; navUrl=http://localhost:9105/admin/basic.action
Connection: close

isAllowRegister=1&closeRegisterMessage= your xss payload
[Attack Type]
Remote
[Impact Code execution]
true
The XSS payload will be executed on the registration page at the front of the website. Any user who opens the registration page (url: http://localhost:9105/forum/user_info/register.action) will be affected.
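
The flow this report describes (a value saved through closeRegisterMessage and later written into the registration page) is shown here as an added example that is not uscat's code, with the unsafe rendering pattern beside an output-encoded one. Only the field names come from the request in this report; the function names, the notice markup and the sample body are assumptions constructed for illustration.

```javascript
// Added example, not uscat code. Function names and markup are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Parse the form-urlencoded body sent to /register_setting/save.json.
function parseRegisterSetting(body) {
  const params = new URLSearchParams(body);
  return {
    isAllowRegister: params.get('isAllowRegister'),
    closeRegisterMessage: (params.get('closeRegisterMessage') || '').trim(),
  };
}

// Unsafe pattern: the stored value is concatenated into the page as markup,
// so any tags an administrator-side request stored are parsed by every visitor's browser.
function renderNoticeUnsafe(setting) {
  return '<div class="notice">' + setting.closeRegisterMessage + '</div>';
}

// Hardened pattern: the stored value is encoded at output time and shown as text.
function renderNoticeSafe(setting) {
  return '<div class="notice">' + escapeHtml(setting.closeRegisterMessage) + '</div>';
}

// Constructed sample body; the markup is a harmless stand-in for untrusted input.
const sampleBody = 'isAllowRegister=1&closeRegisterMessage=' +
  encodeURIComponent('Closed <script>/* constructed */</script> & "back soon"');
const setting = parseRegisterSetting(sampleBody);

console.log(renderNoticeUnsafe(setting)); // markup reaches the page intact
console.log(renderNoticeSafe(setting));   // markup is rendered inert as text
```

Encoding at render time protects values already stored before the fix, which input filtering at save time alone would not.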