SSCMS
cpe:2.3:a:sscms:sscms:*:*:*:*:*:*:*
- <= 7.4.0
A reflected cross-site scripting vulnerability has been identified in SSCMS version 7.4.0. The issue resides in the STL processing endpoint, specifically the /api/stl/actions/dynamic route. It allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads. The endpoint decrypts these payloads and returns them without adequate sanitization, so the attack relies on improper output encoding in JSON responses. This could lead to session hijacking, phishing attacks, and unauthorized actions performed on behalf of users.
Exploitation of this vulnerability allows for reflected cross-site scripting, where injected JavaScript is executed in the context of the user's browser session.
To reproduce this vulnerability, an administrator must log in to an affected SSCMS v7.4.0 instance. Once logged in, the encryption key can be used to encrypt a malicious STL template payload. This encrypted payload is then sent as a POST request to the /api/stl/actions/dynamic endpoint. The response will include the injected JavaScript, which will execute in the browser, potentially leading to session hijacking or other unauthorized actions.
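The missing output encoding described above, shown from the mitigation side as an added example (not SSCMS code and not the project's fix): a response builder that HTML-encodes decrypted template output and serializes the JSON so it stays inert even if a browser parses the body as HTML. The function names, the `html` field and the sample string are assumptions, and the sketch assumes the field is meant to be displayed as text.

```javascript
// Added example: encode decrypted template output before it reaches a
// JSON response. Names and response shape are hypothetical.

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// HTML-encode a value that the client will place into the page.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Serialize to JSON, writing characters that matter to an HTML parser as
// \uXXXX escapes. JSON.parse on the client restores the same string.
function jsonForBrowser(data) {
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical builder for the dynamic-rendering response.
// `decryptedOutput` stands for the result of decrypting and rendering the
// submitted template; the `html` field name is an assumption.
function buildDynamicResponse(decryptedOutput) {
  return {
    status: 200,
    headers: {
      // Declare JSON explicitly and forbid content sniffing.
      'Content-Type': 'application/json; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: jsonForBrowser({ html: encodeHtml(decryptedOutput) }),
  };
}

// Constructed sample input: markup arriving through a decrypted template.
const SAMPLE_OUTPUT = '<b onmouseover="track()">hello</b> & more';

const response = buildDynamicResponse(SAMPLE_OUTPUT);
console.log(response.headers['Content-Type']);
console.log(response.body);
```

On the client, the decoded `html` value should still be written with `textContent` rather than `innerHTML` when it is meant to be shown as text.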