Typesetter CMS Reflected Cross-Site Scripting Vulnerability in Editing Component

A reflected cross-site scripting vulnerability has been identified in Typesetter CMS versions 5.1 and prior. The issue resides in the Editing component, specifically within the include/tool/Editing.php file. The vulnerability arises because the images parameter, submitted as images[] in a POST request, is reflected into an HTML href attribute without adequate context-aware output encoding. This flaw allows an authenticated attacker with editing privileges to inject a JavaScript pseudo-protocol, such as 'javascript:', enabling the execution of arbitrary JavaScript in the context of the victim's browser session.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious scripts in the context of the user's browser session.

Reproduction

To reproduce this vulnerability, an authenticated user with editing privileges can send a POST request including the images parameter. The value should be a JavaScript pseudo-protocol, such as 'javascript:alert(1)'. This will trigger the execution of the injected JavaScript in the context of the user's browser.