CVE-2017-11611
Description
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Wolf CMS 0.8.3.1 allows XSS via insufficient sanitization of file/directory names in file manager actions.
Vulnerability
Wolf CMS 0.8.3.1 is vulnerable to Cross-Site Scripting (XSS) due to insufficient sanitization of the file name in a create-file-popup action and the directory name in a create-directory-popup action. The vulnerability is triggered via an HTTP POST request to the /plugin/file_manager/ script (i.e., /admin/plugin/file_manager/browse// URI). This allows an attacker to inject arbitrary JavaScript into the application [1].
Exploitation
An attacker must have network access to the Wolf CMS instance and be able to send a POST request to the vulnerable endpoint. The attacker can craft a malicious payload in the file name or directory name parameter. No authentication or user interaction beyond visiting the page is required to execute the injected script, as the payload is stored and executed when the page is rendered [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, defacement, or theft of sensitive information. The attack impacts confidentiality and integrity, potentially affecting any user who accesses the file manager interface [1].
Mitigation
As of the available reference [1], no official patch has been released for Wolf CMS 0.8.3.1. Users are advised to apply input sanitization manually or upgrade to a newer version if available. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.