CVE-2018-5216
Description
Radiant CMS 1.1.4 suffers from stored XSS via crafted Markdown input in the page editor, allowing attackers to execute arbitrary JavaScript.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Radiant CMS version 1.1.4 is vulnerable to stored cross-site scripting (XSS) through the part_body_content parameter on the /admin/pages/*/edit resource. When a user edits a page and submits content with the filter set to "Markdown", the input is not properly sanitized, allowing injection of arbitrary HTML and JavaScript [1][3]. The vulnerable code path is reachable by any authenticated user with page editing privileges.
Exploitation
An attacker must first obtain valid administrator credentials for the Radiant CMS instance (the default demo credentials are admin / radiant) [3]. After logging in, the attacker navigates to the edit page for any page, enters a malicious payload such as `` in the body field, selects "Markdown" as the filter, and saves the changes. The payload is stored and subsequently executed when any user visits the affected page [3].
Impact
Successful exploitation allows an attacker to inject and execute arbitrary JavaScript in the context of the victim’s browser session. This stored XSS can be used to steal session cookies, deface pages, or perform actions on behalf of the authenticated victim, leading to a compromise of confidentiality and integrity [1][3].
Mitigation
No patch or workaround is mentioned in the available references. Administrators should restrict access to the page editor to trusted users and consider disabling the Markdown filter or upgrading to a newer version of Radiant CMS if one exists [1].
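As an added, defender-side illustration that is not part of this CVE record or of Radiant CMS's own code: a minimal allowlist sanitizer for the HTML that a Markdown filter produces. Markdown renderers that follow the original specification pass inline HTML through unchanged, so the check belongs on the rendered HTML before it is stored or served, not on the Markdown source. The tag and attribute lists, the `sanitize_rendered_html` function and the sample inputs are all assumptions constructed for this example; the Markdown-to-HTML step itself is omitted because it needs a third-party library.

```python
# Added example (not Radiant CMS code): allowlist sanitizer for the HTML a
# Markdown filter produces. Everything below is constructed for illustration.
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: what a rendered page body is allowed to keep.
ALLOWED_TAGS = {"p", "a", "em", "strong", "ul", "ol", "li", "code", "pre",
                "h1", "h2", "h3", "blockquote", "br", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br", "img"}                # no closing tag is emitted for these
DROP_WITH_CONTENT = {"script", "style"}  # the tag and everything inside it go


def is_safe_url(value):
    """Reject URLs whose scheme could run code (javascript:, data:, ...).
    Tabs and newlines are removed first because browsers ignore them inside
    a scheme, so "java\\nscript:" would otherwise slip past the check."""
    if value is None:
        return False
    cleaned = "".join(ch for ch in value if ch not in "\t\r\n").strip()
    scheme = urlparse(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Re-serialises only allowlisted tags and attributes. Other tags are
    dropped but their text is kept, except for script/style whose content
    is discarded entirely."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag: drop the tag itself, keep its text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops every on* handler, style=, etc.
            if name in ("href", "src") and not is_safe_url(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            # convert_charrefs decoded entities; re-escape so text stays text
            self.out.append(escape(data, quote=False))

    # Comments, doctype and processing instructions are silently dropped:
    # HTMLParser's default handlers for them do nothing.


def sanitize_rendered_html(html):
    """Apply the allowlist to the HTML a Markdown filter produced."""
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed samples of what a rendered page part might contain.
SAMPLES = {
    "benign": '<p>Hello <strong>world</strong> '
              '<a href="https://example.com" title="t">site</a></p>',
    "script": "<p>intro</p><script>alert(1)</script><p>outro</p>",
    "handler": '<a href="javascript:alert(1)" onclick="x()">x</a>'
               '<img src="x" onerror="alert(1)">',
    "entities": "<p>5 &lt; 6 &amp; 7 &gt; 3</p>",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9} {sanitize_rendered_html(raw)}")
```

The allowlist is deliberately small; widening it (tables, headings beyond h3) is a policy decision per site, but `href`/`src` must always go through the scheme check and no `on*` attribute should ever be allowlisted.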
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| radiant (RubyGems) | <= 1.1.4 | — |
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (3)
- github.com/advisories/GHSA-mvw8-v767-qhjm (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2018-5216 (advisory)
- github.com/imsebao/404team/blob/master/radiantcms.md (x_refsource_MISC, web)
News mentions (0)
No linked articles in our index yet.