iCMS Cross-Site Scripting Vulnerability in User Management Component
Vulnerability
A reflected cross-site scripting vulnerability has been identified in iCMS version 8.0.0, specifically within the User Management component. The issue arises because the application fails to properly sanitize the 'regip' and 'loginip' GET parameters before echoing them into the HTML 'value' attribute of input fields. This lack of proper escaping allows remote attackers to execute arbitrary web scripts or HTML.
Impact
Exploitation of this vulnerability allows for the execution of malicious scripts in the context of the user's browser, potentially leading to unauthorized actions being performed on behalf of the user or the theft of sensitive information, such as credentials.
Reproduction
To reproduce this vulnerability, log into the iCMS administration panel and navigate to the User Management section. Once there, the vulnerability can be exploited by appending a script payload to the 'regip' or 'loginip' parameters in the URL. The application will reflect the payload, executing the embedded JavaScript. For example, a URL could be crafted to include a script tag payload, which, when accessed, would trigger an alert as a proof of concept.
Remediation
It is recommended to escape the 'regip' and 'loginip' values with the 'htmlspecialchars()' function at the point where they are output into the view. This encodes the characters that would otherwise close the 'value' attribute or open a new tag, so reflected input is rendered as literal text instead of being executed as script.
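The following PHP is an added illustration of the remediation and is not iCMS code; the function names, the form layout and the two sample query arrays are constructed for this example. It places the unescaped pattern the advisory describes next to a fixed version that validates the two parameters as IP addresses and then escapes them with 'htmlspecialchars()'. The ENT_QUOTES flag matters: without it single quotes are left untouched, which is insufficient if the template ever uses single-quoted attributes.

```php
<?php
// Added example (not iCMS code): rendering the 'regip' / 'loginip' filter
// inputs safely. Function names and the form layout are assumptions.

declare(strict_types=1);

/**
 * Escape a value for use inside an HTML attribute.
 * ENT_QUOTES escapes both " and ', so the result is safe in single- and
 * double-quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8 bytes
 * instead of making htmlspecialchars() return an empty string.
 */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Defence in depth: these parameters are IP-address filters, so anything
 * that is not a syntactically valid IPv4/IPv6 address is discarded before
 * it ever reaches the template. A valid IP can never contain < > " ' &.
 */
function ipParam(array $query, string $name): string
{
    $raw = $query[$name] ?? '';
    return filter_var($raw, FILTER_VALIDATE_IP) !== false ? $raw : '';
}

// The pattern the advisory describes: the raw GET value is concatenated
// straight into the attribute, so a quote in the input ends the attribute.
// Shown for contrast only; do not use.
function renderFilterUnsafe(array $query): string
{
    $regip = $query['regip'] ?? '';
    return '<input type="text" name="regip" value="' . $regip . '">';
}

// Fixed pattern: validate the value, then escape it at the point of output.
function renderFilterSafe(array $query): string
{
    $regip   = attr(ipParam($query, 'regip'));
    $loginip = attr(ipParam($query, 'loginip'));
    return '<input type="text" name="regip" value="' . $regip . '">' . "\n"
         . '<input type="text" name="loginip" value="' . $loginip . '">';
}

// Constructed sample inputs: one request with documentation-range addresses,
// one with attribute-breaking characters that the filter must neutralise.
$samples = [
    ['regip' => '203.0.113.7',        'loginip' => '2001:db8::1'],
    ['regip' => '"><i>not-an-ip</i>', 'loginip' => "it's <not> an & ip"],
];

foreach ($samples as $q) {
    echo renderFilterSafe($q), "\n\n";
}

// The escaping step on its own, for a value that bypasses no validation:
// every character that could change the HTML context is entity-encoded.
echo attr("it's <not> an & ip"), "\n";
```

Run it with the PHP CLI ('php example.php'). The first sample is echoed unchanged because both values are valid addresses; the second produces empty 'value' attributes because the inputs fail FILTER_VALIDATE_IP, and the final line shows what 'attr()' alone does to quotes, angle brackets and ampersands. Keeping validation and escaping as two separate steps means the page stays safe even if a future change relaxes the IP check.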
