Westboy CicadasCMS Cross-Site Scripting Vulnerability in Template Management Component
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Westboy CicadasCMS versions prior to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The issue resides in the Template Management Page, specifically within the 'Save' function of the 'TemplateFileServiceImpl.java' file. This vulnerability allows for the injection of malicious scripts that are executed when other users access the affected content. The vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.
Reproduction
To reproduce this vulnerability, log into the CicadasCMS application and navigate to the Template Management Page. Use the 'Save' function to upload a template file. In the 'content' parameter, insert a script payload. Once the template is saved, the injected script will execute when the template is viewed, demonstrating the cross-site scripting vulnerability.
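The save-then-view flow described above, as an added example that is not CicadasCMS code: it contrasts rendering stored template content as raw HTML with HTML-encoding it at display time. The class, method names and in-memory store are hypothetical, and the sample 'content' value is constructed.

```java
// Added illustration; class and method names are hypothetical, not CicadasCMS code.
import java.util.HashMap;
import java.util.Map;

public class TemplatePreviewDemo {
    // Stand-in for the template store that the 'Save' function writes to.
    private static final Map<String, String> STORE = new HashMap<>();

    // Stores content as submitted. Assumption: templates must keep their
    // markup, so this example encodes at display time instead of on save.
    static void save(String name, String content) {
        STORE.put(name, content);
    }

    // Vulnerable pattern: stored content is concatenated into the page as HTML.
    static String renderUnsafe(String name) {
        return "<pre id=\"tpl\">" + STORE.get(name) + "</pre>";
    }

    // Hardened pattern: stored content is HTML-encoded before it reaches the page.
    static String renderSafe(String name) {
        return "<pre id=\"tpl\">" + escapeHtml(STORE.get(name)) + "</pre>";
    }

    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value for the 'content' parameter.
        save("index.html", "<h1>Home</h1><script>alert(1)</script>");
        System.out.println("unsafe: " + renderUnsafe("index.html"));
        System.out.println("safe:   " + renderSafe("index.html"));
    }
}
```

In the unsafe output the script element reaches the viewer's browser as markup; in the safe output it arrives as inert text inside the preview element.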
