CVE-2023-43355 PoC — CMS Made Simple Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
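Title: CMS Made Simple Cross-Site Scripting Vulnerability (CVE-2023-43355)
Description: CMS Made Simple (CMSMS) is an open-source content management system (CMS) from the Cmsms team. The system supports a role-based permission system, wizard-based installation and update mechanisms, smart caching, and more. CMS Made Simple v.2.2.18 contains a cross-site scripting vulnerability, which stems from arbitrary code being executed via a crafted script in the password and password again parameters of the "My Preferences - Add user" component.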
Description
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again in the My Preferences - Add user
Readme
# CMSmadesimple Reflected XSS v2.2.18

## Author: (Sergio)

**Description:** Multiple cross-site scripting (XSS) vulnerabilities in install/adduser.php of CMSmadesimple v.2.2.18 allow a local attacker to execute arbitrary code via a crafted script to the password and password again in the My Preferences - Add user.

**Attack Vectors:** A flaw in the sanitization of the password and password again entries of "My Preferences - Add user" allows injecting JavaScript code that is executed when the request is forwarded.

---

### POC:


After logging into the panel, we go to the "My Preferences - Add user" section of the General Menu.

![XSS password fields](https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user/assets/87250597/f41cd63a-7dcf-4082-bac1-00d6a71254ff)







We edit that Content - News Menu with the payload that we have created and see that we can inject arbitrary JavaScript code in the password and password again fields.


### XSS Payload:

```js
'"><svg/onload=alert('password')>
```

```js
'"><svg/onload=alert('password again')>
```


In the following images you can see the embedded code that executes the payload when the request is forwarded.
![XSS password result1](https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user/assets/87250597/a26cb32a-e3c5-4323-a74c-87048f1e8aba)


![XSS password result 2](https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user/assets/87250597/ca52b885-c776-4d0e-b7f1-8dcebdd436e6)
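
The fix for this class of bug is output encoding in the attribute context, or better, not reflecting password values at all. The following is an added example, not code from this README or from CMSMS: the `render_*` and `elements_in` functions are hypothetical, and the only input used is the payload string already shown above. It renders the field three ways and lists the elements an HTML parser builds from each.

```php
<?php
declare(strict_types=1);
// Hypothetical form renderer for illustration; this is not CMSMS source code.

// Vulnerable pattern: the submitted value is echoed into the attribute as-is.
function render_unsafe(string $name, string $submitted): string
{
    return '<input type="password" name="' . $name . '" value="' . $submitted . '">';
}

// Hardened pattern: encode for the HTML attribute context, both quote styles.
function render_encoded(string $name, string $submitted): string
{
    $value = htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="password" name="' . $name . '" value="' . $value . '">';
}

// Preferred for password fields: never send the submitted secret back at all.
function render_blank(string $name): string
{
    return '<input type="password" name="' . $name . '" value="" autocomplete="new-password">';
}

// Parse the markup and list the elements created inside <body>.
// Requires the dom extension. A safe rendering yields only "input".
function elements_in(string $html): array
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence parser warnings
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $names = [];
    foreach ($doc->getElementsByTagName('body')->item(0)->getElementsByTagName('*') as $el) {
        $names[] = $el->nodeName;
    }
    return $names;
}

// Payload string taken from the README above.
$payload = '\'"><svg/onload=alert(\'password\')>';

foreach ([
    'unsafe'  => render_unsafe('password', $payload),
    'encoded' => render_encoded('password', $payload),
    'blank'   => render_blank('password'),
] as $label => $html) {
    printf("%-8s %s\n         elements: %s\n", $label, $html, implode(', ', elements_in($html)));
}
```

Any rendering that produces an element other than `input` has let the submitted value break out of the `value` attribute.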










### Additional Information:
http://www.cmsmadesimple.org/

https://owasp.org/Top10/es/A03_2021-Injection/
