Total.js CMS Cross-Site Scripting Vulnerability in Layout Page Component

A cross-site scripting (XSS) vulnerability has been identified in Total.js CMS version 1.0.0. The issue arises in the Layout Page component, specifically within the 'layouts_save' function of the '/admin/' file. This vulnerability allows for the manipulation of the 'HTML' argument, leading to the execution of malicious scripts. The attack can be initiated remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected layout.

Reproduction

To reproduce this vulnerability, log into the Total.js CMS admin panel and navigate to the Layouts section. Send a POST request to the '/admin/' endpoint with the 'layouts_save' schema. Include a payload in the 'html' field that contains an image tag with an event handler, such as 'onerror'. Once the layout is saved, open it to trigger the execution of the embedded JavaScript, such as an alert.