CMSimple 5.2 - 'External' Stored XSS

Author: Quadron Research Lab
type: webapps
platform: php
port: 
date_added: 2021-04-08  
date_updated: 2021-04-08  
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 49751.txt  

# Exploit Title: CMSimple 5.2 - 'External' Stored XSS
# Date: 2021/04/07
# Exploit Author: Quadron Research Lab
# Version: CMSimple 5.2
# Tested on: Windows 10 x64 HUN/ENG Professional
# Vendor: https://www.cmsimple.org/en/

[Description]
The CMSimple 5.2 allow stored XSS via the Settings > CMS > Filebrowser > "External:" input field.

[Attack Vectors]
The CMSimple cms "Filebrowser" "External:" input field not filter special chars. It is possible to place JavaScript code.
The JavaScript code placed here is executed by clicking on the Page or Files tab.

[Proof of Concept]
https://github.com/Quadron-Research-Lab/CVE/blob/main/CMSimple_5.2_XSS.pdf