Cross-Site Scripting (Stored XSS) in admidio/admidio
May 29th 2023
With Association's board role, i can add a new web link. But, when i create a link, in Link name input field can insert an onfocus/autofocus attribute because do not processing for double quote.
Proof of Concept
- Login by account with Association's board role
- Access funtion Web links and create new link
- Fill all input, at Link name input field, use payload xss" onfocus="alert(document.domain) and save
- Login by account with Administrator role
- Access funtion Web links and perform edit Web link
- XSS payload will be automatically executed
Through this vulnerability, an attacker is capable to execute malicious scripts.