China Systems Eximbills Enterprise Authenticated Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in China Systems Eximbills Enterprise version 4.1.5, built on October 30, 2020. The issue arises in the web interface's template management feature, specifically through the 'TMPL_INFO' parameter via the '/EximBillWeb/servlets/WSTrxManager' endpoint. This vulnerability allows authenticated regular users to inject unsanitized JavaScript, which is then executed in the browsers of other users who access the affected template.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the template.

Reproduction

To reproduce this vulnerability, log into the application as a regular user. Navigate to 'Static Data' > 'Credit Officer' > 'Edit Gtee Commission' and click the 'Template' button. Intercept the request using a proxy tool like Burp Suite. Locate the 'TMPL_INFO' parameter and insert a payload, such as an audio tag with an 'onerror' event, to execute a script. Once the template is saved, the payload will be executed whenever the template is accessed, demonstrating the stored XSS vulnerability.