October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has article posting capabilities.
d580a80cc73913f04ace7c62f85113ce9e77937e62898798e82b472da77074cf
OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting Vulnerability
Vendor: October CMS
Product web page: https://www.octobercms.com
Affected version: 3.4.0
Summary: OctoberCMS is a self-hosted content management system (CMS)
based on the PHP programming language and Laravel web application framework.
It supports MySQL, SQLite and PostgreSQL for the database back end and
uses a flat file database for the front end structure. The October CMS
covers a range of capabilities such as users, permissions, themes, and
plugins, and is seen as a simpler alternative to WordPress.
Desc: OctoberCMS suffers from stored cross-site scripting vulnerability
when a user with the ability to create an article could perform a stored
XSS attack against any other users with the ability to create an article.
This can lead to execute arbitrary HTML/JS code in a user's browser session
in context of an affected site.
Tested on: macOS Monterey 12.6.3
Docker 4.12.0 (85629)
PHP/8.1.6
Vulnerability discovered by Nazli Soysal Kuran
@zeroscience
Advisory ID: ZSL-2023-5807
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5807.php
30.10.2023
--
Stored XSS (EntryRecord[content]):
----------------------------------
Endpoint: /backend/tailor/entries/wiki_article
Payload: EntryRecord%5Bcontent%5D="<script>alert(1)</script>"