Sitefinity 15.0 - Cross-Site Scripting Vulneraility

2024-06-0400:00:00

Aldi Saputra Wahyudi

0day.today

111

sitefinity cms

cross-site scripting

sf-editor

vulnerability

progress

cve-2023-27636

windows

linux

html

payload

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

70.9%

JSON

# Exploit Title: Sitefinity 15.0 - Cross-Site Scripting (XSS)
# Exploit Author: Aldi Saputra Wahyudi
# Vendor Homepage: https://www.progress.com/sitefinity-cms
# Version: < 15.0.0
# Tested on: Windows/Linux
# CVE : CVE-2023-27636

# Description: In the backend of the Sitefinity CMS, a Cross-site scripting vulnerability has been discovered in all features that use SF-Editor

# Steps To Reproduce:

Attacker as lower privilege
Victim as Higher privilege

1. Login as an Attacker
2. Go to the function using the SF Editor, go to the news page as example
3. Create or Edit news item
4. On the content form, insert the XSS payload as HTML
5. After the payload is inserted, click on the content form (just click) and publish or save
6. If the victim visits the page with XSS payload, XSS will be triggered

Payload: <noalert><iframe src="javascript:alert(document.domain);">