You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
XSS vulnerability in default security configuration when using Admin plugin to edit pages
Moderate
rhukster
published
GHSA-cvmr-6428-87w9Dec 10, 2020
Package
Grav
(PHP)
Affected versions
1.6.28
Patched versions
1.6.30
Description
Impact
The impact of this is medium, because it gives the privileged users (with the ability to edit pages) a mechanism to perform remote code execution via XSS. At a minimum, the vulnerability represents a bypass of security controls put in place to mitigate this form of attack.
The remote code execution can be performed because XSS would allow an attacker to execute functionality on behalf of a stolen administrative account - the facility to install custom plugins would then allow said attacker to install a plugin containing a web shell and thus garner access to the underlying system.
Impact
The impact of this is medium, because it gives the privileged users (with the ability to edit pages) a mechanism to perform remote code execution via XSS. At a minimum, the vulnerability represents a bypass of security controls put in place to mitigate this form of attack.
The remote code execution can be performed because XSS would allow an attacker to execute functionality on behalf of a stolen administrative account - the facility to install custom plugins would then allow said attacker to install a plugin containing a web shell and thus garner access to the underlying system.
References
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/79.html
For more information
Please contact contact@pentest.co.uk