CVE-2023-5810: edit_post_id in posts.php_ XSS (Cross Site Scripting) exists for the place parameter · Issue #2 · flusity/flusity-CMS

A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability.


To manage this project more efficiently, we recommend creating a version identifier and recording which bugs or vulnerabilities are fixed in each version. This will help ensure continuous improvement and quality control of the project, while also facilitating communication and collaboration among team members. Here are some suggestions to improve this project:

1. Assign a unique number to each version, such as v1.0, v2.0, etc. This will help clearly differentiate between different versions.
2. Detail the new features, improvements, and fixed bugs or vulnerabilities of each version in the version release notes. This will help users understand what each version is about.
3. Conduct code reviews during key stages of the project to ensure code quality and follow best practices.

Thank you for spotting and reporting security holes in the code. Following your observations, I reviewed the code and implemented the recommended security improvements. Using the PHP functions filter_input() and htmlspecialchars(), I sanitized and encoded all the data that comes from the URL parameters. This should prevent any XSS-type attacks. I think these changes will increase the security and quality of the project. If you have any further observations or recommendations, be sure to let me know. Thanks again for your help and attention.

On Tue, 2023-10-24, 13:36, 光头强不会砍树了 wrote:

After installation, log in to the backend using the default account password tester/1234

select posts
[image: image] https://user-images.githubusercontent.com/113713406/277630999-f5b40b5c-fd5b-4b35-99e3-2d5305974934.png

enter payload
?edit_post_id=3);</script><script>alert(1024)</script>
[image: image] https://user-images.githubusercontent.com/113713406/277631071-2445c0a4-1cf0-4533-a7bd-bad1f5a9d050.png

execution results
[image: image] https://user-images.githubusercontent.com/113713406/277631314-33adb1b1-31ee-4e9d-ba6d-13fee97753cf.png

Use burpsuite to capture packets.
[image: image] https://user-images.githubusercontent.com/113713406/277631397-d096f43e-7b1c-419c-8e20-0fb0781a3a86.png

    if (isset($_GET['edit_post_id'])) {
        $edit_post_id = $_GET['edit_post_id'];
        echo "<script>loadPostEditForm($edit_post_id);</script>";
    }

The vulnerable code location is line 274 in core/tools/posts.php
-- Regards, Darius Jakaitis
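
An added example, not code from the flusity repository or from either participant in the thread: the echo pattern quoted in the report beside a hardened form. Because edit_post_id lands inside a script block rather than in HTML text, the hardened function validates it as an integer before emitting anything instead of relying on HTML encoding alone. The function names renderUnsafe and renderSafe, and the assumption that post ids are positive integers, are hypothetical.

```php
<?php
declare(strict_types=1);

// "Before": the pattern quoted in the report. The raw request value is
// interpolated straight into a script block.
function renderUnsafe(string $raw): string
{
    return "<script>loadPostEditForm($raw);</script>";
}

// "After": hypothetical helper, not flusity code. Returns the script call for
// a valid post id, or null when the value must be rejected.
function renderSafe($raw): ?string
{
    // In a web request the equivalent call is
    // filter_input(INPUT_GET, 'edit_post_id', FILTER_VALIDATE_INT, [...]).
    // Assumption: post ids are positive integers, hence min_range = 1.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: emit nothing
    }
    // $id is now a PHP int; json_encode() renders it as a JavaScript literal.
    return '<script>loadPostEditForm(' . json_encode($id) . ');</script>';
}

// Constructed sample inputs; the second is the value from the report above.
$samples = [
    '3',
    '3);</script><script>alert(1024)</script>',
    'abc',
    '0',
    '',
    ['3'], // ?edit_post_id[]=3 arrives in PHP as an array
];

foreach ($samples as $raw) {
    $out = renderSafe($raw);
    printf("%-50s => %s\n", json_encode($raw), $out ?? '(rejected)');
}

// For comparison, the "before" pattern passes the reported value through unchanged.
echo 'unsafe: ', renderUnsafe($samples[1]), "\n";
```

Run it from the command line with the PHP CLI; only the first sample yields a script call, and every other input is rejected before any output is produced.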
