Cross-site Scripting (XSS) - Stored in omeka/omeka-s
Jul 6th 2021
Stored XSS via an XSS payload in the Title field when adding a new site. The payload executes when you try to delete the site; see the PoC for details.
🕵️‍♂️ Proof of Concept
Go to http://localhost/omeka/omeka-s/admin/site, click "Add new site", and paste the following XSS payload into the Title field.
"><img src=x onerror=alert(document.cookie)>
Click Save. Click Sites (1), then click the delete (2) button, and the XSS pops up.
It is possible to steal admin cookies or take over another account via cookie grepping.
Validate user input
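
For a stored value like the site title, the check that closes this class of bug is encoding at the point where the value is written into HTML, in addition to validating it on save. The following is an added example, not Omeka S code and not part of the original report: the function names and the delete-confirmation markup are hypothetical, and it assumes the title is emitted both inside a quoted attribute and as element text.

```php
<?php
declare(strict_types=1);

// Constructed sample: the title from the PoC, as it would be read back from storage.
$storedTitle = '"><img src=x onerror=alert(document.cookie)>';

/**
 * Vulnerable pattern (hypothetical markup): the stored title is concatenated
 * into the page as-is, so a leading "> closes the attribute and the tag.
 */
function renderDeleteConfirmUnsafe(string $title): string
{
    return '<input type="hidden" name="site-title" value="' . $title . '">'
         . '<p>Delete site ' . $title . '?</p>';
}

/**
 * Encode for HTML text and quoted-attribute contexts.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
 * UTF-8 instead of returning an empty string.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: same markup, every use of the title encoded at output. */
function renderDeleteConfirmSafe(string $title): string
{
    return '<input type="hidden" name="site-title" value="' . e($title) . '">'
         . '<p>Delete site ' . e($title) . '?</p>';
}

/** True if the rendered HTML contains a live <img> element start tag. */
function containsLiveImgTag(string $html): bool
{
    return stripos($html, '<img') !== false;
}

$unsafe = renderDeleteConfirmUnsafe($storedTitle);
$safe   = renderDeleteConfirmSafe($storedTitle);

// Compare the two renderings of the same stored value.
var_dump(containsLiveImgTag($unsafe));
var_dump(containsLiveImgTag($safe));
echo $safe, PHP_EOL;
```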