CVE-2018-17322
Description
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
YUNUCMS 1.1.4 is vulnerable to reflected XSS via the `area` parameter in `index.php/index/category/index`, allowing arbitrary script injection.
Vulnerability
YUNUCMS version 1.1.4 contains a reflected cross-site scripting (XSS) vulnerability in the index.php/index/category/index endpoint. The area parameter is not properly sanitized before being reflected in the response, allowing an attacker to inject arbitrary HTML and JavaScript. The issue is confirmed in the official repository [1].
Exploitation
An attacker can craft a malicious URL containing a payload in the area parameter. No authentication is required; the victim only needs to visit the crafted link. For example, the proof-of-concept URL http://localhost/index.php/index/category/index?area=tangshan'"()%26%25&id=23&page=2 triggers the XSS [1]. The injected script executes in the context of the victim's browser session.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser. This can lead to session hijacking, defacement, or theft of sensitive information displayed on the page. The attack is reflected, meaning the payload is not stored on the server but delivered via the crafted link.
Mitigation
As of the publication date (2018-09-22), no official patch has been released. Users should upgrade to a patched version if available, or implement input validation and output encoding for the area parameter. A web application firewall (WAF) may also help block malicious payloads. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
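The mitigation above (validate the area parameter, encode it on output) in code, as an added example that is not YUNUCMS source: the hypothetical handler names, the assumption that area is a slug-like region name, and the constructed request values are the editor's, not the project's.

```php
<?php
// Added example, not YUNUCMS code. Models a category page that reflects the
// `area` query parameter into HTML, the pattern CVE-2018-17322 describes, and
// shows the validation plus output-encoding fix the advisory recommends.

// Vulnerable pattern: the raw parameter is concatenated into the response, so
// quotes and angle brackets in the value become markup in the page.
function render_area_unsafe(array $get): string
{
    $area = $get['area'] ?? '';
    return '<h2>Category: ' . $area . '</h2>';
}

// Input validation (assumption: area is a region name such as "tangshan" or a
// CJK place name). Returns null for anything outside the allow-list so the
// caller can fall back to a safe default instead of echoing attacker input.
function validate_area(string $area): ?string
{
    if ($area === '' || strlen($area) > 64) {
        return null;
    }
    // Letters (any script), digits, underscore, hyphen; nothing else.
    if (!preg_match('/^[\p{L}\p{N}_-]+$/u', $area)) {
        return null;
    }
    return $area;
}

// Output encoding: ENT_QUOTES also encodes the single quote, so the value is
// safe inside single- or double-quoted attributes as well as element text;
// ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning an empty string.
function html_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened handler: validation narrows the input and gives a clean fallback;
// encoding on output is the control that actually prevents the XSS.
function render_area_safe(array $get): string
{
    $area = validate_area((string) ($get['area'] ?? '')) ?? 'all';
    return '<h2>Category: ' . html_escape($area) . '</h2>';
}

// Constructed request mirroring the shape of the advisory's PoC parameters.
$request = ['area' => 'tangshan\'"()&%', 'id' => '23', 'page' => '2'];

echo 'unsafe:  ' . render_area_unsafe($request) . PHP_EOL;   // raw quotes land in the HTML
echo 'safe:    ' . render_area_safe($request) . PHP_EOL;     // rejected -> "all"
echo 'safe:    ' . render_area_safe(['area' => 'tangshan']) . PHP_EOL; // clean value passes
echo 'encoded: ' . html_escape('tangshan\'"()&%') . PHP_EOL; // what encoding alone yields
```

The last line shows the encoder's output on the hostile value (tangshan&apos;&quot;()&amp;%), which is what a template should emit even when validation is skipped; a WAF rule can only complement this, since it cannot know which response context the value lands in.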
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0): No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] github.com/source-trace/yunucms/issues/1 (MITRE, x_refsource_MISC)
News mentions (0): No linked articles in our index yet.