[CVE-2022–34964] OSSN 6.3 LTS — Stored XSS Vulnerability at SitePages

Vulnerability Explanation:

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module.

Attack Vectors:

The attacker must post something on the “SitePages” and insert the XSS payload at the input in order to exploit stored XSS. The XSS payload will be launched immediately after back to SitePages.

Affected Component:

1. http://ip_address:port/administrator/component/OssnSitePages
2. POST ossn/action/sitepage/edit/terms

Payload :

<img src=x onerror=confirm('xss')>

Tested on:

1. OSSN v6.3 LTS (https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3)
2. Google Chrome Version 102.0.5005.115 (Official Build) (x86_64)

Steps to attack:

First, we login to the target application with admin privileges.

Then select Configure and select Site Pages.

use xss payload.

after we check at Terms and Conditions pages it will show payload.

but if we use burp to see request, we found that front-end have paragraph <p> at payload.

so we use repeater to delete <p> and send our payload again.

after we reload Terms and Conditions Pages we got xss !!

Discoverer:

Grim The Ripper Team by SOSECURE Thailand

Reference:

1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34964
2. https://www.opensource-socialnetwork.org/
3. https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3
4. https://www.openteknik.com/contact?channel=ossn