CHT Security SOC Discovered Vulnerability in a Foreign Content Management System

Summary

Vulnerability List

[CVE-2023-36121] – XSS

Details

1. XSS

Description

A foreign content management system contains a cross-site scripting (XSS) vulnerability (CVE-2023-36121) that can be triggered through multiple input fields in the administrator interface.

Impact

Multiple fields in the administrator interface, where the administrator adds content and functions, were found to allow XSS execution. One of them is the SEO field under ../newspost.php?. Although the literal <script> tag form is filtered, the filter can be bypassed with other injection techniques. Because the injected markup is stored, it not only alters the administrator interface but is also rendered on the front-end user pages, so XSS syntax entered in the management interface affects site visitors as well.
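The pattern the impact note describes, as an added illustration that is not the vendor's code and not the researcher's proof-of-concept: a filter that only rejects the literal <script> tag, the stored value rendered unescaped on a front-end page, and the same value rendered with output encoding. The filter, the render wrappers and the sample payloads below are constructed assumptions; the CMS's actual check and the exact bypass used against it are not published here.

```python
"""Why a '<script>' blacklist does not stop stored XSS (added example, not vendor code)."""
import html
import re
from html.parser import HTMLParser

# Hypothetical stand-in for the kind of check the advisory describes:
# only the literal <script> / </script> tag form is rejected.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def naive_filter(value: str) -> str:
    """Reject input containing a <script> tag; store anything else verbatim."""
    if SCRIPT_TAG.search(value):
        raise ValueError("script tag not allowed")
    return value


def render_naive(stored: str) -> str:
    """Vulnerable pattern: the stored admin value is echoed into the page unescaped."""
    return f'<div class="seo-title">{stored}</div>'


def render_safe(stored: str) -> str:
    """Hardened pattern: encode at output time, regardless of what the input filter did."""
    return f'<div class="seo-title">{html.escape(stored, quote=True)}</div>'


class _Audit(HTMLParser):
    """Collect every element and every on* event-handler attribute in a fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]

    handle_startendtag = handle_starttag


def audit(fragment: str) -> tuple[list[str], list[str]]:
    """Return (elements, event handlers) the browser would see in the fragment."""
    p = _Audit()
    p.feed(fragment)
    p.close()
    return p.tags, p.handlers


# Constructed sample inputs (not the payloads used in the real finding).
BLOCKED_PAYLOAD = "<script>alert(1)</script>"          # the only form the filter catches
BYPASS_PAYLOADS = [
    '<img src=x onerror="alert(document.cookie)">',     # event handler, no script tag
    "<svg onload=alert(1)>",                            # same idea, different element
]

if __name__ == "__main__":
    for payload in BYPASS_PAYLOADS:
        stored = naive_filter(payload)                  # passes the blacklist untouched
        print("unescaped :", audit(render_naive(stored)))
        print("escaped   :", audit(render_safe(stored)))
```

The audit of the unescaped render shows a second element carrying an on* handler, which is exactly the stored XSS the advisory reports reaching the front-end page; the escaped render contains only the wrapper element. The fix that matters is the output encoding in render_safe: an input blacklist can be made longer, but it will never enumerate every element and attribute that executes script.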

Known Affected Software

  • Version 2.3.2

Credits

  • Noflag (CHT Security)