pH7 Software pH7-Social-Dating-CMS Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in pH7 Software's pH7-Social-Dating-CMS version 17.9.1. This vulnerability allows users to inject malicious JavaScript into the user profile's Description field, which is then executed when the profile is viewed.

Impact

Exploitation of this vulnerability allows for the execution of injected scripts in the context of the user viewing the profile. This could lead to session hijacking, theft of cookies or local storage data, and unauthorized actions performed as the victim. If an admin views the affected profile, the consequences could be even more severe, potentially allowing the attacker to perform privileged actions.

Reproduction

To reproduce this vulnerability, log into the application with an admin account. Navigate to the 'Users' section and select a user profile to edit. Inject a JavaScript payload into the 'Description' field and save the changes. The application will encode the request, but this can be intercepted and tampered with to restore the original JavaScript payload. Once the modified request is sent to the server, the injected script will execute when the profile is viewed.