Vion707 DMadmin Cross-Site Scripting Vulnerability in Backend Addons Controller
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Vion707 DMadmin versions prior to 3403cafdb42537a648c30bf8cbc8148ec60437d1. The issue resides in the Backend component, specifically within the Add function of the Admin/Controller/AddonsController.class.php file. This vulnerability allows for the injection of malicious scripts that can be executed in the context of the user's browser. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the victim's browser.
Reproduction
To reproduce this vulnerability, log into the DMadmin backend and navigate to the system settings. In any parameter input box, insert a script payload, such as a script tag containing JavaScript code, such as an alert. The injected script will be executed, demonstrating the cross-site scripting vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.