Drupal 11.0.1-Stored XSS
Description:
# An issue was discovered in Drupal 11.0.1.
# We found an XSS vulnerability that allows attackers to store XSS via the Body field in Add Article.
Affected Component:
http://[ip]/en/node/add/article
http://[ip]/en/node/24/edit?destination=/en/node/24
Payload:
<script>alert(/Grim The Ripper Team by SOSECURE Thailand/)</script>
Proof of Concept:
First, log in to the target application.
We log in to the target application with admin privileges.
Select Create, then click on the Article function.
Select Text format “Full HTML”.
Enter information into the form provided and input the XSS payload in the Body field after clicking on the “Source” button, then click the “Save” button.
Next, click the “Save” button.
The XSS payload will run immediately.
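A defender-side check for the condition this proof of concept relies on, as an added example that is not part of the original advisory: it scans stored body values saved with the Full HTML text format for script-capable markup. The row layout (entity id, format, body), the `full_html` machine name, and all sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: "Full HTML" has the machine name full_html and applies no tag allow-list.
UNFILTERED_FORMATS = {"full_html"}
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects tags and attributes that execute script when rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and value.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_bodies(rows):
    """rows: (entity_id, body_format, body_value) tuples -> {entity_id: findings}."""
    report = {}
    for entity_id, body_format, body_value in rows:
        if body_format not in UNFILTERED_FORMATS:
            continue  # other formats are outside the scope of this check
        finder = ActiveContentFinder()
        finder.feed(body_value)
        finder.close()
        if finder.findings:
            report[entity_id] = finder.findings
    return report


# Constructed sample rows (not taken from a real site).
SAMPLE_ROWS = [
    (24, "full_html", "<p>Hello</p><script>alert(/test/)</script>"),
    (25, "full_html", "<p>Plain <strong>article</strong> text</p>"),
    (26, "basic_html", "<p>&lt;script&gt; shown as text</p>"),
    (27, "full_html", '<img src="x.png" onclick="doSomething()">'),
]

if __name__ == "__main__":
    print(audit_bodies(SAMPLE_ROWS))
```

Any entity it reports was saved with active markup under an unfiltered format, so review who holds permission to use that format and whether the content is intended.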
Author:
Grim The Ripper Team by SOSECURE Thailand