: Vulnerability ID: HTB22776 : Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_diafan_cms.html : Product: diafan.CMS : Vulnerability Details: : User can execute arbitrary JavaScript code within the vulnerable application. : : The vulnerability exists due to failure in the : "http://host/admin/site/save2/"; script to properly sanitize : user-supplied input in "text" variable. Successful exploitation of this : vulnerability could result in a compromise of the application, theft of : cookie-based authentication credentials, disclosure or modification of : sensitive data. This is the site editor functionality, correct? This requires administrative access and is *designed* to allow the admin to enter any HTML or script code desired. If an attacker can access this page, couldn't they do other bad things? Is there really a crossing of privilege boundary here?
