Ametys CMS Persistent Cross-Site Scripting Vulnerability

A persistent cross-site scripting vulnerability has been identified in Ametys CMS version 4.4.1. The issue resides in the link directory's input fields for external links, where attackers can inject malicious scripts into link texts and descriptions. This vulnerability allows for persistent attacks that can hijack user sessions and manipulate application modules.

Impact

Exploitation of this vulnerability allows for session hijacking, persistent phishing attacks, external redirects to malicious sources, and manipulation of affected application modules.

Reproduction

To reproduce this vulnerability, log into the Ametys CMS v4.4.1 as a user with permissions to create links. Navigate to the link directory and add a new external link. Inject a script payload into the link text, small description, and description fields, then save the link. The injected script will execute when the link directory is accessed, demonstrating the cross-site scripting vulnerability.

Remediation

The vulnerability can be addressed by properly parsing and encoding the input fields in the 'Add External Link' function of the link directory. Additionally, the input fields should be restricted from accepting special characters that could be used for injection attacks. Finally, the output locations where the links are displayed in both the frontend and backend should be sanitized to remove any harmful scripts.