CVE-2023-43340
Description
Evolution CMS 3.2.3 contains reflected XSS in installation admin options via unsanitized cmsadmin, cmsadminemail, cmspassword, and cmspasswordconfim parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
CVE-2023-43340 describes a reflected Cross-Site Scripting (XSS) vulnerability found in Evolution CMS version 3.2.3 [1][2]. The issue lies in the installation process within the Admin Options step, where parameters such as cmsadmin, cmsadminemail, cmspassword, and cmspasswordconfim are not properly sanitized before being reflected in the application output [3]. This lack of sanitization allows an attacker to inject arbitrary HTML and JavaScript code via a crafted payload.
Exploitation Details
An attacker can exploit this vulnerability during the installation workflow. The malicious payload, for example '\"><svg/onload=alert('admin_name')>, is inserted into any of the affected parameters [3]. When the user submits the form and clicks 'Next', the injected script executes in the context of the user's browser session. The attack requires no authentication because it targets the publicly accessible installation phase, and it can be delivered through a crafted link or by convincing a victim to perform the installation with malicious input [1][3].
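A reduced illustration of the flaw described above and of the fix, added here and not taken from Evolution CMS: the field names are the advisory's, while the form markup, the helper names and the probe value are assumptions.

```php
<?php
// Added illustration, not Evolution CMS code: a minimal installer form that
// reflects the Admin Options fields back into the page. Field names come from
// the advisory; markup, helper names and the sample request are assumed.

// Unsafe: the submitted value is written straight into an attribute. A value
// beginning with '">' closes the attribute and the <input> tag, so whatever
// follows is rendered as live markup in the installer's browser.
function render_field_unsafe(string $name, string $value): string {
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES covers both
// quote styles, ENT_SUBSTITUTE avoids an empty result on invalid UTF-8, and
// the charset is pinned so encoder and page agree.
function render_field_safe(string $name, string $value): string {
    $enc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Constructed request body mirroring the advisory's affected parameters.
$post = [
    'cmsadmin'          => '"><svg onload=alert(1)>',  // constructed probe value
    'cmsadminemail'     => 'admin@example.test',
    'cmspassword'       => 'pw',
    'cmspasswordconfim' => 'pw',  // spelled as the advisory spells it
];

foreach (['cmsadmin', 'cmsadminemail', 'cmspassword', 'cmspasswordconfim'] as $f) {
    $v = (string)($post[$f] ?? '');
    echo render_field_unsafe($f, $v), "\n";  // probe breaks out of the attribute
    echo render_field_safe($f, $v), "\n";    // probe stays inert: &quot;&gt;&lt;svg ...
}
// Defence in depth: password fields should not be echoed back at all, and a
// Content-Security-Policy without 'unsafe-inline' blocks the injected handler
// even if an encoding step is missed.
```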
Impact
Successful exploitation enables the attacker to execute arbitrary JavaScript within the victim's browser, which could lead to session hijacking, credential theft, defacement, or redirection to malicious sites [1]. Since the vulnerability occurs during the CMS installation, it primarily affects administrators or users setting up a new instance; however, if an attacker can lure a user to a specially crafted installation page, they could compromise the initial configuration.
Mitigation Status
As of the latest information available, Evolution CMS has addressed this issue in versions beyond 3.2.3 [2]. Users should upgrade to the most current release to eliminate the XSS risk. No official workaround has been published, but ensuring that the installation interface is not exposed to untrusted input is a good security practice [2][3].
[1] NVD - CVE-2023-43340
[2] GitHub - evolution-cms/evolution: Welcome to the Evolution CMS. The world's fastest, most customizable Open Source PHP CMS. Your creative vision, no restrictions, no compromise.
[3] GitHub - sromanhu/-CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options: Evolution CMS 3.2.3 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload in the installation/options process.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| evolutioncms/evolution | Packagist | <= 3.2.3 | — |
Affected products (2)
Patches (0)
No patches discovered yet.
References (2)
- github.com/advisories/GHSA-432f-967f-vxg4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-43340 (ghsa, ADVISORY)