Bolo-Blog Stored Cross-Site Scripting Vulnerability in Article Title Handler

A stored cross-site scripting vulnerability has been identified in Bolo-Blog versions through 2.6.4. The issue resides in the Article Title Handler component, specifically within the file '/console/article/'. The vulnerability arises because the 'articleTitle' parameter is not properly sanitized before being saved to the database. This lack of sanitation allows malicious scripts to be executed in the browsers of users who view the affected article. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where the injected script is executed in the context of the user viewing the article. This could lead to session hijacking, cookie theft, and unauthorized administrative actions, according to the vulnerability disclosure.

Reproduction

To reproduce this vulnerability, log into the admin panel and navigate to the article creation page. Enter a script payload, such as an image tag with an 'onerror' event, into the 'Title' field. After publishing the article, the injected script will execute when the article is viewed.

Remediation

It is recommended to sanitize the 'articleTitle' parameter by escaping HTML before it is stored in the database. Additionally, consider adding security headers such as 'Content-Security-Policy' to restrict script sources and 'X-XSS-Protection' to enable cross-site scripting filters.