Qianfox FoxCMS Cross-Site Scripting Vulnerability in Search Component
Vulnerability
A reflected cross-site scripting vulnerability has been identified in Qianfox FoxCMS versions through 1.2. The issue resides in the Search page, specifically within the '/index.php/Search' file. The vulnerability is triggered by manipulating the 'keyword' parameter, which is not properly sanitized before being output. This flaw allows remote attackers to inject malicious JavaScript that is executed in the context of the user's browser. The injected script could, for example, access and steal cookies, including session identifiers, potentially leading to session hijacking.
Impact
Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the victim's browser. This could be used to steal non-HttpOnly cookies, perform phishing attacks, chain with other vulnerabilities for Cross-Site Request Forgery (CSRF) exploitation, or hijack user sessions by stealing session cookies.
Reproduction
To reproduce this vulnerability, send a GET request to '/index.php/Search' with the 'keyword' parameter set to a crafted value that includes JavaScript payloads, such as an 'onmouseover' event. When the crafted URL is accessed, the injected script will execute, demonstrating the cross-site scripting vulnerability. This can be done with a simple payload that, for example, alerts the user’s cookies.
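For defenders, the same request pattern is what to look for in web server access logs. The following added example (not part of the advisory and not FoxCMS code) parses combined-format log lines, isolates requests to the '/index.php/Search' route, URL-decodes the 'keyword' parameter (twice, to catch double-encoded values) and flags values carrying markup or event-handler indicators. The log lines are constructed samples; the path and parameter name come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache/Nginx combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /index.php/Search?keyword=shoes+on+sale HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:56:01 +0000] "GET /index.php/Search?keyword=%22%20onmouseover%3D%22alert(1) HTTP/1.1" 200 5210 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2024:13:57:12 +0000] "GET /index.php/Search?keyword=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5190 "-" "curl/8.0"',
    '198.51.100.2 - - [10/Oct/2024:13:58:40 +0000] "GET /index.php/Product?id=42 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
]

SEARCH_PATH = "/index.php/Search"  # affected route named in the advisory

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators of reflected-XSS probing: raw angle brackets, an event-handler
# attribute such as onmouseover=, or a javascript: URL scheme.
XSS_INDICATORS = re.compile(r'[<>]|\bon[a-z]+\s*=|javascript\s*:', re.IGNORECASE)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def keyword_from_target(target):
    """Return the decoded 'keyword' value for a search request, else None."""
    parts = urlsplit(target)
    if parts.path != SEARCH_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("keyword")
    if not values:
        return None
    # parse_qs already decoded once (including '+' -> ' '); decode a second
    # time so double-encoded payloads such as %253C are also normalised.
    return unquote(values[0])


def flag_requests(lines):
    """Return search requests whose keyword carries XSS indicators."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        keyword = keyword_from_target(rec["target"])
        if keyword is None or not XSS_INDICATORS.search(keyword):
            continue
        hits.append({"ip": rec["ip"], "ts": rec["ts"],
                     "status": rec["status"], "keyword": keyword})
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} keyword={hit['keyword']!r}")
```

Note that parse_qs splits on '&', so a payload containing an unencoded ampersand would be truncated at that point; the indicator regex still fires on the first fragment in practice, but a production rule should also inspect the raw query string. The benign "shoes on sale" line is deliberately included: the word boundary in the event-handler pattern keeps it from being flagged.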
Remediation
Users are advised to update to a version of FoxCMS that addresses this vulnerability. If no update is available, implement input validation and output encoding to prevent script injection. Additionally, set cookies with the HttpOnly flag to protect them from being accessed by JavaScript.
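The fix the advisory calls for is context-appropriate output encoding of the reflected value, with input validation and the HttpOnly flag as additional layers. The following added example (not FoxCMS code; the search markup is a generic reconstruction and the cookie name is an assumed placeholder) shows the unencoded rendering pattern the advisory describes beside a hardened version in Python; the PHP equivalent of the encoding step is htmlspecialchars($keyword, ENT_QUOTES | ENT_HTML5, 'UTF-8').

```python
import html
import re

MAX_KEYWORD_LEN = 100
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def validate_keyword(raw: str) -> str:
    """Input validation: strip control characters and cap the length.

    This narrows what reaches the page but does not by itself stop XSS;
    the output encoding in render_search_fixed is what does that.
    """
    return _CONTROL_CHARS.sub("", raw)[:MAX_KEYWORD_LEN]


def render_search_vulnerable(keyword: str) -> str:
    """The pattern the advisory describes: the raw parameter is echoed into
    an attribute value and a text node without encoding (generic reconstruction,
    not the actual FoxCMS template)."""
    return (f'<input type="text" name="keyword" value="{keyword}">'
            f'<p>Results for {keyword}</p>')


def render_search_fixed(keyword: str) -> str:
    """Hardened rendering: html.escape with quote=True encodes & < > " and ',
    which is sufficient for both a double-quoted attribute value and an HTML
    text node. A payload that would close the attribute now stays inert."""
    safe = html.escape(validate_keyword(keyword), quote=True)
    return (f'<input type="text" name="keyword" value="{safe}">'
            f'<p>Results for {safe}</p>')


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line for the session cookie. HttpOnly keeps document.cookie
    from reading it; Secure and SameSite limit other exposure. SESSIONID is an
    assumed example name, not FoxCMS's actual cookie name."""
    return f"Set-Cookie: SESSIONID={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    # Constructed sample value of the kind the advisory describes.
    sample = '" onmouseover="alert(1)'
    print("vulnerable:", render_search_vulnerable(sample))
    print("fixed:     ", render_search_fixed(sample))
    print(session_cookie_header("example-session-id"))
```

Encoding has to match the output context: html.escape is right for HTML attribute values and text, but a value placed inside a JavaScript block or a URL needs JavaScript-string or URL encoding instead, and templating engines that auto-escape should not have that escaping switched off for this parameter.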
