Cockpit CMS 0.13.0 - Multiple Reflected XSS
Overview #
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML.
Vulnerability Details #
Affected Versions: 0.13.0 and earlier
Location: /collections/entries/ and /mediamanager/api endpoints
Affected Parameters: filter and path
Root Cause: Insufficient input validation and output encoding on multiple parameters allows XSS attacks.
Exploitation Requirements #
- No authentication required
- Victim must visit crafted URLs
Impact #
Remote attackers can exploit these vulnerabilities to:
- Steal admin session cookies
- Perform actions on behalf of users
- Access CMS data
Proof of Concept #
GET /cockpit-0.13.0/collections/entries/{HASH}&filter='"--></style></scRipt><scRipt>alert(0x0032AA)</scRipt> HTTP/1.1
Host: target.comPOST /cockpit-0.13.0/mediamanager/api HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
path=><iMg src=N onerror=alert(9)>Solution #
Upgrade to a patched version of Cockpit CMS that includes proper input sanitization and output encoding.