Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-43877 PoC — RiteCMS 跨站脚本漏洞

Source
https://github.com/sromanhu/CVE-2023-43877-RiteCMS-Stored-XSS---Home
Associated Vulnerability
Title:RiteCMS 跨站脚本漏洞 (CVE-2023-43877)
Description:Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.
Description
 RiteCMS 3.0 is affected by a Multiple Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Home settings page in the Administration Menu
Readme
# Rite CMS v3.0 Multiple Stored XSS 

## Author: (Sergio)

**Description:** Rite CMS 3.0 is affected by a Multiple Cross-Site scripting (XSS) stored vulnerability that allows attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. The payload will be executed on the main page independent of the user's session, so accessing the home web with another user will also execute the payload.

**Attack Vectors:** AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

---

### POC:


When logging into the panel, we will go to the "Administration - Home" section or we create a new page and add the payloads.

We edit the body configuration where we add the XSS payloads. As there are several fields and only the output of the alert changes, I indicate the payload one of them:

![XSS payload Properties](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/38d92abd-034a-4317-bb6a-705ac5bd735e)



### XSS Payload:

```js
'"><svg/onload=alert('Description')>
```


In the following images you can see the embedded code that executes the payload in the main web. As there are several sections, I show them separately:


### CONTENT:

![XSS Payloadpng](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/dfe799d5-7548-474d-a275-df63c33ed7c6)


We click on Edit:

![XSS Path](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/c1834c33-d6f9-43ac-be41-19c4bdbc686f)

Result:

![XSS Resultado](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/f035199d-ccd1-49ca-a0ba-084f5fa96758)


### PROPERTIES:

![XSS payload Properties](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/840ecd22-0b16-4dd7-84ba-1698325d9f29)


Result:

![XSS result Properties](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/6f8da1e9-fa53-45df-b54b-83ea2fe5d199)

![XSS result Properties 2](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/44d7df14-28cc-4e02-8397-d651160045a6)

![XSS result Properties 3](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/a4e60f0c-aa36-4f03-aeea-bd0731f413f1)


### SIDEBAR:

![XSS payload Sidebar](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/55efffce-5fe0-4453-9716-c642035eef44)

Result:

![XSS result sidebar](https://github.com/sromanhu/-RiteCMS-Stored-XSS---Home/assets/87250597/4473839b-2374-4e71-9d04-fca7c77fec82)



</br>
File Snapshot

 [4.0K]  /data/pocs/06bd2d96c37171ea729b4664fa4f1fb91ce1c143
└── [2.4K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →