Bludit CMS
cpe:2.3:a:bludit:bludit:*:*:*:*:*:*:*
- <= 3.20
A reflected cross-site scripting vulnerability has been identified in Bludit CMS versions prior to commit 6732dde. This issue resides within the search plugin, allowing unauthenticated attackers to inject arbitrary JavaScript by crafting malicious search queries. When users visit URLs containing the injected payload, the malicious scripts are executed in their browsers. This exploitation could lead to the theft of session cookies or actions being performed on behalf of the affected users.
Because the injected script runs in the context of the user's browser, exploitation could result in session hijacking, credential theft, exfiltration of CSRF tokens, manipulation of the DOM, or redirection to phishing sites. In privileged contexts, such as the admin panel, it could lead to a complete account takeover or compromise of CMS content.
To reproduce this vulnerability, ensure the search plugin is activated in Bludit CMS. Navigate to the homepage and locate the search box. Insert a crafted payload, such as an image tag with an 'onerror' event, into the search bar and submit the query. This will trigger an alert popup, confirming the execution of the injected script.
Users can update to Bludit CMS version 3.20 or later, where this vulnerability has been fixed. The patch ensures that search terms and URLs are properly HTML-escaped to prevent script injection.
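The escaping described in the fix, shown as an added example that is not Bludit's plugin code: the function names, the markup layout and the /search/ URL shape are assumptions for illustration. It renders the same search term through an unescaped template and an escaped one, then checks whether the raw markup survives in the output.

```php
<?php
// Added illustration; not Bludit's plugin code. All function names are hypothetical.

// Escape a value for HTML text and quoted-attribute contexts.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 'Before' pattern: the search term is echoed into the page unchanged,
// both as text and inside a pagination link.
function render_results_unsafe(string $term): string
{
    return '<h2>Results for: ' . $term . '</h2>'
         . '<a href="/search/' . $term . '">Next page</a>';
}

// 'After' pattern: percent-encode the term for the URL path segment,
// then HTML-escape every value placed into markup.
function render_results_safe(string $term): string
{
    $url = '/search/' . rawurlencode($term);
    return '<h2>Results for: ' . esc_html($term) . '</h2>'
         . '<a href="' . esc_html($url) . '">Next page</a>';
}

// Regression check: true if the probe's raw markup appears in the rendered HTML.
function reflects_markup(string $html, string $probe): bool
{
    return strpos($html, $probe) !== false;
}

// Constructed test input of the kind the advisory describes
// (an image tag with an onerror handler).
$probe = '<img src=x onerror=alert(1)>';

$renderers = ['unsafe' => 'render_results_unsafe', 'safe' => 'render_results_safe'];
foreach ($renderers as $label => $fn) {
    $html = $fn($probe);
    printf("%-6s reflected=%s\n  %s\n", $label, reflects_markup($html, $probe) ? 'yes' : 'no', $html);
}
```

A check like `reflects_markup` can be kept as a regression test for any template that echoes request data, so that a later change which drops the escaping is caught before release.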