There is a stored xss vulnerability exists in DoraCMS

[Suggested description]
There is a storage XSS vulnerability in the background / admin / contenttemp module of doracms system. The user can access index HTML and 404 HTML page number will trigger JS pop-up.

[Vulnerability Type]
Storage XSS vulnerability

[Vendor of Product] 
https://github.com/doramart/DoraCMS

[Affected Product Code Base]
DoraCMS v2.1.8

[Attack Type] 
Remote

[Impact Code execution] 
true

[Vulnerability proof] 
Step 1: log in to doracms and visit the admin / contenttemp page at URL: http://127.0.0.1:8080/admin/contentTemp。As can be seen from the figure below, the template is a page frequently visited by users, such as 404 html、index. html。
![image](https://user-images.githubusercontent.com/85676107/154801346-54340fbd-9030-4a19-a1a1-88aeefac265b.png)

Step 2: enter the JS code < script > alert (1) < / script > in the template, as shown in the following figure.
![image](https://user-images.githubusercontent.com/85676107/154801374-e0cbc161-4991-41e8-a402-f97b3b46fb25.png)

![image](https://user-images.githubusercontent.com/85676107/154801389-4a70a634-8cd5-4ee2-a5a8-3030b30dc804.png)

Step 3: after saving the changes, visit 404 HTML and index HTML, trigger JS code execution pop-up window.
![image](https://user-images.githubusercontent.com/85676107/154801405-0abce27d-5ffe-4892-ab57-c9b43391b46e.png)
![image](https://user-images.githubusercontent.com/85676107/154801411-b33acdf1-88bd-433d-a8a7-0786dc5044e6.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

There is a stored xss vulnerability exists in DoraCMS #255

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is a stored xss vulnerability exists in DoraCMS #255

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions