Gougu CMS v4.08.18 Stored Blind XSS Vulnerability Analysis

Vulnerability Summary: Gougu CMS Stored Blind XSS 1. Vulnerability Overview A Stored Blind XSS vulnerability exists in Gougu CMS version 4.08.18. This vulnerability allows low-privileged users to inject malicious payloads at the logging endpoint. When an administrator views activity logs or records in the backend, the payloads stored in the database are executed, leading to session hijacking or unauthorized operations performed by the administrator. Vulnerability Type: Stored XSS / Blind XSS CVSS Score: 8.8 (High) CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2. Scope of Impact Affected File: Affected Endpoint: Vulnerability Mechanism: At line 68, the application uses the function to fetch data from the endpoint. At line 72, an HTML variable containing raw data is passed to the function. The jQuery library's function parses and executes HTML/Script tags within the string. The critical issue is that the attribute (user-controllable data stored in the database) is directly appended to the HTML string without any validation or sanitization. 3. Remediation Input Validation and Output Escaping: Strict validation must be performed on user data (such as ) before inserting it into HTML. Use appropriate functions (e.g., PHP's ) to perform HTML entity escaping to prevent XSS attacks. Avoid Direct HTML Concatenation: Avoid using to insert user data. Instead, use the method or ensure the inserted content is plain text rather than HTML code, preventing the browser from parsing and executing malicious scripts. 4. POC (Proof of Concept) Payload: Exploitation Steps: 1. Step 1: As a regular user, inject the above XSS payload into the submission form. 2. Step 2: If an administrator or high-privileged user views the operational records, the XSS payload will be triggered. Relevant Code Logic (Based on Screenshot Analysis):

Goal Reached Thanks to every supporter — we hit 100%!

Gougu CMS v4.08.18 Stored Blind XSS Vulnerability Analysis