CVE-2022-28522: There is a stored xss vulnerability here: /index.php?m=home&c=message&a=add · Issue #5 · jorycn/thinkphp-zcms
ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.
Vulnerable file: \Application\Home\Controller\MessageController.class.php
You can see that the input is not filtered against XSS here.
Steps to reproduce:
1. Visit the URL http://www.xxx.com/index.php?m=home&c=message&a=add and use the POST method to pass in parameter values; the specific operation is shown in the following screenshots:
2. Access the back-end address http://www.xxx.com/Admin/Message/index/menuId/132, where you can see the popup fire successfully.
Alternatively, log in to the back end, click Extension Tools, and then click Message Management; a popup will appear next.
Repair suggestion:
Use PHP built-in functions such as htmlspecialchars to escape user-supplied values and prevent XSS.
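As an added example (not code from ZCMS or from the original issue), the sketch below applies the suggested fix at output time, when stored messages are rendered in the admin message list. The field names `name`, `email` and `content`, the helper names, and the sample records are assumptions constructed for illustration.

```php
<?php
// Hypothetical helper: encode one untrusted value for an HTML text node or a
// quoted attribute. ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for one row of the admin message list.
// Every stored field passes through e() before it reaches the page.
function renderMessageRow(array $msg): string
{
    return sprintf(
        '<tr><td>%d</td><td>%s</td><td title="%s">%s</td></tr>',
        (int) ($msg['id'] ?? 0),
        e($msg['name'] ?? ''),
        e($msg['email'] ?? ''),
        e($msg['content'] ?? '')
    );
}

// Constructed sample records, as they might be read back from the database.
$rows = [
    // Ordinary message: only the ampersand needs encoding.
    ['id' => 1, 'name' => 'alice', 'email' => 'alice@example.com',
     'content' => 'Hello & welcome'],
    // Markup in a text node, a quote that tries to break out of the
    // title attribute, and an invalid UTF-8 byte sequence.
    ['id' => 2, 'name' => '<script>alert(1)</script>',
     'email' => '" onmouseover="alert(1)',
     'content' => "bad bytes: \xC3\x28"],
];

foreach ($rows as $row) {
    echo renderMessageRow($row), PHP_EOL;
}
```

htmlspecialchars is only sufficient for HTML text and quoted-attribute contexts; values placed inside script blocks, URLs or unquoted attributes need context-specific encoding instead.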