Nukegraphic CMS Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in Nukegraphic CMS version 3.1.2. This issue arises in the user profile edit feature, specifically within the name field of the profile edit request. The application does not adequately sanitize user input before saving it to the database, allowing authenticated users with low privileges to inject malicious JavaScript. Once injected, this script is executed across the CMS whenever the user's name is displayed, potentially leading to session hijacking, credential theft, or unauthorized actions on behalf of the affected user.
Impact
Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of other users' sessions, which could result in session hijacking, theft of credentials, or unauthorized actions performed on behalf of the victims.
Reproduction
To reproduce this vulnerability, log in as a valid user and navigate to the 'Edit Profile' section. Intercept the profile update request and inject a script, such as a simple alert script, into the 'name' parameter. After forwarding the request, visit any CMS page that displays the user name, which will trigger the execution of the injected script.
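The missing control described above, shown as an added example that is not code from Nukegraphic CMS or from this advisory: the unsafe rendering pattern beside an output-encoded one, with server-side validation of the name field and an audit of names already stored. All function names, the row shape and the allowed-character policy are assumptions, and the sample rows are constructed.

```javascript
// Added example: hypothetical names throughout; not Nukegraphic CMS code.

// Characters that can break out of HTML text or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is.
function renderNameUnsafe(name) {
  return '<span class="user-name">' + name + '</span>';
}

// Hardened: encode at output time, regardless of what the database holds.
function renderNameSafe(name) {
  return '<span class="user-name">' + escapeHtml(name) + '</span>';
}

// Assumed policy for the profile update handler: letters, combining marks,
// digits, spaces and . ' - only, 1 to 64 characters after trimming.
const NAME_PATTERN = /^[\p{L}\p{M}\p{N} .'-]{1,64}$/u;

function validateName(name) {
  return typeof name === 'string' && NAME_PATTERN.test(name.normalize('NFC').trim());
}

// After patching, find rows saved before validation existed that would
// now be rejected, so they can be reviewed and cleaned.
function auditStoredNames(rows) {
  return rows.filter((row) => !validateName(row.name)).map((row) => row.id);
}

// Constructed sample rows (not real data).
const SAMPLE_ROWS = [
  { id: 1, name: "Ana O'Neil" },
  { id: 2, name: '<script>alert(1)</script>' },
  { id: 3, name: 'José-María' },
];

console.log(renderNameSafe(SAMPLE_ROWS[1].name));
console.log('rows needing review:', auditStoredNames(SAMPLE_ROWS));
```

Output encoding is the control that stops execution; the validation and audit reduce what reaches the database and locate values stored before the fix.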
