
A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 #128

Open
EDMPL opened this issue Jun 17, 2024 · 4 comments

Comments

@EDMPL

EDMPL commented Jun 17, 2024

A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside it, which acts as a stored XSS payload. If this property page is visited by anyone including the administrator, then the XSS payload will be triggered.

Below is a simple step-by-step on how to reproduce the issue:

  1. Log in as a low-privilege user (in this case we can use the default low-privilege user).
  2. Create or edit one of the user-owned properties (in this case we can use the default property owned by the user).
  3. Fill the content form with the XSS payload using the Code View feature. Before saving it, make sure to go back to the usual view to see if the HTML is rendered or not.
  4. After saving the new property content and clicking 'Finish Editing', go to the page and see that the XSS is triggered. In this case I use the administrator account to trigger the XSS.

Coderberg added a commit that referenced this issue Jun 20, 2024
@Coderberg (Owner)

Hi @EDMPL
Thank you for your observation. I created a small fix in branch 2.x

@EDMPL (Author)

EDMPL commented Jun 20, 2024

Hi,

Thanks for the response and fix. Is it possible to push the fix to master and make a new release version of the app? I'm afraid that all releases right now are vulnerable to the issue above.

@Coderberg (Owner)

Yes

@EDMPL (Author)

EDMPL commented Jul 8, 2024

Hi.

Thanks for the fast response. But I think that the 2.10.2 version is also still vulnerable to the XSS.

