Related vulnerability
Description
Reflected Cross-Site Scripting (XSS) in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input.
Introduction
# CVE-2025-41089: Reflected XSS in Xibo CMS
I have discovered a **Reflected Cross-Site Scripting (XSS)** vulnerability in **Xibo CMS v4.1.2**. This issue stems from the application's failure to properly sanitize user-supplied input in the 'Configuration Name' field of certain widgets within the template editor.
An attacker can craft a special link or trigger an action that injects a malicious script into this field. When a user interacts with the affected page, the script is reflected from the server and executed in the victim's browser.
---
## Proof of Concept (PoC)
To trigger the vulnerability, an authenticated user must follow these steps:
1. Navigate to the **Design > Templates** section and create a new template.
2. Add a widget that contains a **'Configuration Name'** field, such as the 'Clock' widget.
3. In the **'Configuration Name'** field (located on the left-hand panel), insert a malicious XSS payload (e.g., `<script>alert(1337)</script>`).
4. When the form is submitted or the page reloads with this data in the URL or POST body, the server will reflect the payload back to the browser, causing the script to execute.
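The root cause described above is output without HTML encoding, so the defensive fix is to entity-encode the field before it is reflected. The following is an added example, not code from the original advisory and not Xibo's own (PHP) code: a hypothetical handler `render_unsafe` that reflects a Configuration Name verbatim, its hardened counterpart `render_safe`, and a small helper `suspicious_requests` that flags access-log lines carrying a raw script tag in a query parameter. The payload is the one quoted in the advisory; the log lines are constructed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed inputs: the payload quoted in the advisory and a benign name.
PAYLOAD = "<script>alert(1337)</script>"
BENIGN = "Clock - Lobby"

# Matches an opening <script tag, case-insensitively, tolerating whitespace.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def render_unsafe(config_name: str) -> str:
    """Hypothetical vulnerable handler: the field is interpolated into HTML
    with no encoding, so a value containing markup becomes live markup."""
    return f'<input name="name" value="{config_name}">'


def render_safe(config_name: str) -> str:
    """Hardened handler: HTML-entity encode (including quotes, since the
    value lands inside an attribute) before reflecting the field."""
    return f'<input name="name" value="{html.escape(config_name, quote=True)}">'


def contains_raw_script(fragment: str) -> bool:
    """True if the fragment still carries an unencoded <script tag."""
    return bool(SCRIPT_TAG.search(fragment))


# Constructed access-log lines in a common-log-like shape (not real Xibo logs).
LOG_LINES = [
    '10.0.0.5 - - "GET /template/edit?name=Clock+-+Lobby HTTP/1.1" 200',
    '10.0.0.9 - - "GET /template/edit?name=%3Cscript%3Ealert%281337%29%3C%2Fscript%3E HTTP/1.1" 200',
]


def suspicious_requests(lines):
    """Return the log lines whose query string, once percent-decoded,
    contains a script tag in any parameter value."""
    hits = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+) ', line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for values in parse_qs(query).values():
            if any(contains_raw_script(v) for v in values):
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    print("unsafe :", render_unsafe(PAYLOAD))
    print("safe   :", render_safe(PAYLOAD))
    print("flagged:", suspicious_requests(LOG_LINES))
```

Encoding at the point of output is the control that matters here; input validation on the form alone does not help, because a reflected payload can arrive in a crafted URL or POST body that never went through the form. The log check only catches obvious percent-encoded script tags and is meant as a starting point for a detection rule, not a complete filter.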
---
## Exploitation and Impact
Unlike Stored XSS, a Reflected XSS payload is not stored in the database. The following picture shows the compromised component:
<img width="1919" height="792" alt="Script_Location_2" src="https://github.com/user-attachments/assets/7135b4fe-cae2-4c31-a28a-e6a7865568fe" />
Because the payload is not stored, it does not affect other users who visit the page normally. The following picture shows the end result:
<img width="1919" height="910" alt="Result" src="https://github.com/user-attachments/assets/80dcc910-89b7-407c-80e4-b0ddc0e1934b" />
---
## References
- **INCIBE-CERT (Spanish):** [Múltiples vulnerabilidades en Xibo CMS](https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-xibo-cms)
- **INCIBE-CERT (English):** [Multiple vulnerabilities in Xibo CMS](https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-xibo-cms)
---
## Disclaimer
This information is provided for educational and research purposes only. I am NOT responsible for any misuse or damage caused by this information.
File snapshot
[4.0K] /data/pocs/8b5f30ea530ddd96d6952029f75a319402b87b18
└── [2.2K] README.md
0 directories, 1 file
Notes
1. It is recommended to access the content through the original source first.
2. If the source is no longer available or cannot be accessed, please send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.