VYPR
Medium severity 4.8 · NVD Advisory · Published Dec 20, 2017 · Updated May 13, 2026

CVE-2017-17778

Description

Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Paid To Read Script 2.0.5 has reflected XSS via the referrals.php tier and admin/userview.php uid parameters.

Vulnerability

Paid To Read Script version 2.0.5 contains a reflected cross-site scripting (XSS) vulnerability in the referrals.php page via the tier parameter, and in the admin/userview.php page via the uid parameter. User input is not sanitized before being reflected in the HTML output, allowing injection of arbitrary JavaScript. [1]

Exploitation

An attacker can craft a malicious URL containing JavaScript code in the tier or uid parameter. For example, http://.../referrals.php?id=10&tier=1%27%22%3E%3Csvg/onload=alert(document.cookie)%3E%3C%27%22 or http://.../admin/userview.php?uid=13%27%22%3E%3Csvg/onload=alert(document.cookie)%3E%3C%27%22. The attacker then tricks a victim into clicking the URL. No authentication is required to trigger the XSS on referrals.php; the admin page may require prior admin access, but the XSS is still reflected. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the context of the affected site. This can lead to theft of session cookies, account hijacking, defacement, or redirection to malicious sites. The impact depends on the victim's privileges but can result in compromise of the application's security. [1]

Mitigation

As of the disclosure date, no official patch or updated version has been released by the vendor for Paid To Read Script 2.0.5. Users should implement input validation and output encoding for the affected parameters, or consider upgrading to a newer version if available. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. [1]
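
To check whether crafted URLs of the kind described above have reached a deployment, the web server access log can be scanned for non-integer values in the two affected parameters. This is an added example, not code from the advisory or the vendor; it assumes Apache/nginx combined log format, assumes `tier` and `uid` are numeric identifiers (as the URLs above suggest), and runs on constructed log lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory, keyed by the script that reflects them.
WATCHED = {"referrals.php": "tier", "admin/userview.php": "uid"}

# Client address and request target of a "combined" log entry (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (client, script, param, decoded_value) for every watched
    parameter whose value is not a plain integer.
    Assumption: both parameters are numeric IDs in normal use."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.groups()
        url = urlsplit(target)
        for script, param in WATCHED.items():
            if not url.path.endswith("/" + script):
                continue
            # parse_qs percent-decodes, so encoded markup is checked in clear form.
            values = parse_qs(url.query, keep_blank_values=True).get(param, [])
            for value in values:
                if not re.fullmatch(r"\d{1,10}", value):
                    findings.append((client, script, param, value))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Dec/2017:10:01:02 +0000] "GET /referrals.php?id=10&tier=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [20/Dec/2017:10:03:44 +0000] "GET /referrals.php?id=10&tier=1%27%22%3E%3Csvg/onload=alert(document.cookie)%3E%3C%27%22 HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [20/Dec/2017:10:05:10 +0000] "GET /admin/userview.php?uid=13 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/Dec/2017:10:06:31 +0000] "GET /admin/userview.php?uid=13%27%22%3E%3Csvg/onload=alert(document.cookie)%3E%3C%27%22 HTTP/1.1" 200 2110 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A hit shows that a request with a non-integer value reached the server, not that the script ran in a browser; rejecting such values at the application is the validation step the mitigation text calls for.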

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

References

1
