[Cross Site Scripting (XSS) in id parameter of Banner Update function]
Severity Score: Medium
CVSS Score: 7.6 High, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Description
There is an XSS vulnerability in the id parameter of the Banner Update function: when an authenticated backend user visits the vulnerable URL, the injected JavaScript is executed in their browser.
Impact
Malicious JavaScript can be executed in the context of the backend user's session, affecting the confidentiality and integrity of backend users, backend configuration and records.
POC
Log in as a backend user and navigate to the link below; the JavaScript will be executed.
http://localhost:8081/admin/index.php?r=banner%2Fupdate&id=25%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
Remediation
- Strict Input Validation - Accept only valid formats for id (numeric or UUID).
- Context-Aware Output Encoding - Encode the id value before rendering into HTML.
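The two remediation steps above, shown side by side with the vulnerable pattern, as an added example that is not part of the original report or the affected project's code. It assumes the backend is PHP (the POC URL points at admin/index.php); the function names, the hidden-input markup for the banner form, and the controller-style glue are illustrative assumptions. The value of id is validated as a non-negative integer or a canonical UUID first, and whatever survives validation is still HTML-attribute-encoded on output, so either layer alone defeats the payload from the report.

```php
<?php
// Added example, not the project's own code. Function names, the banner form
// markup and the request handling are assumptions for illustration.

declare(strict_types=1);

// Vulnerable pattern: the raw id from the query string is interpolated into an
// HTML attribute. A value like  25"><script>alert(document.domain)</script>
// closes the attribute and the tag, so the script runs in the admin's browser.
function renderBannerFormVulnerable(string $id): string
{
    return '<input type="hidden" name="id" value="' . $id . '">';
}

// Remediation step 1: strict input validation. Only a non-negative integer
// (or, if the application used UUIDs, a canonical UUID) is accepted; anything
// else is rejected before it reaches any rendering code.
function validateBannerId(string $id): ?string
{
    if (preg_match('/\A[0-9]{1,19}\z/', $id) === 1) {
        return $id;
    }
    $uuid = '/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i';
    if (preg_match($uuid, $id) === 1) {
        return strtolower($id);
    }
    return null; // invalid: the caller answers 400 and renders nothing
}

// Remediation step 2: context-aware output encoding. Even a validated value is
// encoded for the HTML attribute context it lands in; ENT_QUOTES covers both
// quote styles so the attribute cannot be terminated early.
function renderBannerFormHardened(string $id): string
{
    $safe = htmlspecialchars($id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $safe . '">';
}

// Controller-style glue (assumed shape): validate on input, encode on output.
function handleBannerUpdate(array $query): array
{
    $id = validateBannerId((string)($query['id'] ?? ''));
    if ($id === null) {
        return ['status' => 400, 'body' => 'Invalid banner id'];
    }
    return ['status' => 200, 'body' => renderBannerFormHardened($id)];
}

// Demonstration with the URL-decoded payload shape from the report.
$payload = '25"><script>alert(document.domain)</script>';

echo "Vulnerable rendering:\n", renderBannerFormVulnerable($payload), "\n\n";

echo "Hardened handler, payload is rejected by validation:\n";
print_r(handleBannerUpdate(['id' => $payload]));

echo "\nHardened handler, a valid id passes and is still encoded on output:\n";
print_r(handleBannerUpdate(['id' => '25']));

// If validation were missing, encoding alone still neutralises the payload:
echo "\nEncoding alone:\n", renderBannerFormHardened($payload), "\n";
```

Run with `php example.php`. The vulnerable line prints the payload verbatim inside the attribute, the hardened handler returns a 400 for it, and the encoding-only line shows the quote and angle brackets rendered as `&quot;`, `&lt;` and `&gt;`, which the browser treats as text rather than markup.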