We found vulnerability of CMS Made Simple

Details about CMS Made Simple

CMS Made Simple (CMSMS) is a free, open source (GPL) content management system (CMS) that provides developers, programmers and site owners with a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management. (Source: Wikipedia)

An authenticated user with admin access can exploit XSS vulnerabilities in the admin panel and in extensions. The vulnerabilities exist due to insufficient filtering of user-supplied data. By exploiting them, an attacker gains the ability to execute their own client-side code in the context of another user, which can lead to taking actions under another admin user's account. Passwords are also stored as salted MD5 hashes.

Vulnerabilities

XSS in Admin search
Payload: <script>alert(document.domain)</script>
Description: After inserting the payload into the input, the page must be reloaded to trigger the payload.

Stored XSS in manage shortcuts
Payload: <script>alert(document.domain)</script>
Parameter: name

Stored XSS in global settings, content editing settings, maintenance mode
Payload: <script>alert(document.domain)</script>

Stored XSS in global settings
Payload: <script>alert(1)</script>
Parameter: global metadata
Description: Also triggers on the visitor-facing site.

Stored XSS in title of article
Payload: XSS <script>alert(document.domain)</script>
Description: Triggers in the admin area; the article content also triggers on the visitor-facing site. Here the request must be modified with a proxy, because the website encodes a few characters before sending.

Stored XSS in settings - content manager
Payload: <script>alert(document.domain)</script>
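The common root cause above is that stored field values (shortcut name, global metadata, article title) reach the HTML response without server-side output encoding, and the client-side encoding of "a few characters" mentioned for the article title is no defence because a proxy bypasses it. The following added example (written for this post, not CMSMS code) reproduces that distinction with constructed sample values: a partial client-side encoder (assumed to encode only quotes), a renderer that trusts it, and a renderer that applies HTML-context escaping on output.

```python
import html
import re

# Constructed sample field values; the payloads are the ones quoted in this advisory.
STORED_FIELDS = {
    "shortcut_name": "<script>alert(document.domain)</script>",
    "global_metadata": "<script>alert(1)</script>",
    "article_title": "XSS <script>alert(document.domain)</script>",
    "plain_title": "Quarterly report & Q1 <draft>",  # benign value with markup characters
}

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def partial_client_encode(value: str) -> str:
    """Assumed client-side step that encodes only quotes. It runs in the
    browser, so an intercepting proxy can send the raw value instead."""
    return value.replace('"', "&quot;").replace("'", "&#39;")


def render_unsafe(value: str) -> str:
    """Server interpolates the stored value into HTML as-is (the flawed pattern)."""
    return f"<td>{value}</td>"


def render_safe(value: str) -> str:
    """Server applies HTML-context escaping at output time, whatever the client sent.
    html.escape(quote=True) covers & < > \" and '."""
    return f"<td>{html.escape(value, quote=True)}</td>"


def contains_active_script(fragment: str) -> bool:
    """True if the rendered fragment still contains a live <script> tag."""
    return SCRIPT_TAG.search(fragment) is not None


def audit(fields: dict) -> dict:
    """Per field: (client-only encoding, client encoding bypassed, server-side escaping)
    -> whether a live script tag survives in the rendered output."""
    report = {}
    for name, raw in fields.items():
        client_only = render_unsafe(partial_client_encode(raw))
        bypassed = render_unsafe(raw)  # proxy sent the raw value, server stored it unchanged
        safe = render_safe(raw)
        report[name] = tuple(contains_active_script(f) for f in (client_only, bypassed, safe))
    return report


if __name__ == "__main__":
    for name, (client_hit, bypass_hit, safe_hit) in audit(STORED_FIELDS).items():
        print(f"{name}: client-only={client_hit} bypassed={bypass_hit} server-escaped={safe_hit}")
```

Only the server-side escaped rendering neutralizes all three payloads while leaving the benign title readable.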

Because the developers decided not to fix these vulnerabilities, the best advice is to use another, regularly updated CMS such as WordPress.

These vulnerabilities were discovered by Tomas Volny from Citadelo.

About the author

Citadelo
Citadelo is a firm of ethical hackers on your side. We think like hackers, but we don't abuse it. On the contrary, our main goal is to reveal vulnerabilities without causing damage. We have been conducting simulated attacks for our clients since 2006.