# Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting (XSS)
# Google Dork: N/A
# Date: 2024-08-12
# Exploit Author: GURJOT SINGH
# Vendor Homepage: https://ritecms.com/
# Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip
# Version: <= 3.0.0
# Tested on: Ubuntu 22.04 LTS, PHP 8.1, Apache 2.4
# CVE: CVE-2024-28623
## Description:
A reflected Cross-Site Scripting (XSS) vulnerability exists in RiteCMS v3.0.0 in the `main_menu/edit_section` functionality: the affected request parameter is reflected into the HTML response without output encoding.
An attacker who lures a user into opening a crafted URL can execute arbitrary JavaScript in the context of that user's RiteCMS session, i.e. in the application's origin.
## Impact:
- Theft of session cookies (where not marked `HttpOnly`) or other credentials accessible to page scripts
- Phishing or redirection to attacker-controlled content served from the trusted origin
- Requests issued to the application as the victim; for an administrator this means control of the CMS (content, users, configuration)
Because the flaw is reflected, the victim must open an attacker-supplied URL while the payload is served; where `main_menu/edit_section` requires an authenticated session, the realistic targets are logged-in administrators.
## Proof of Concept (PoC):
Payload (the leading `'"` closes a quoted attribute value, `>` closes the enclosing tag, and the `<svg>` element's `onload` handler then fires as soon as the browser parses it):
'"><svg/onload=confirm(/xsss/)>
Steps:
1. Log in (if required) and navigate to the `main_menu/edit_section` functionality.
2. Submit the payload above in the vulnerable parameter, or open a URL carrying it the way a targeted victim would.
3. Observe the `confirm()` dialog, which shows the injected JavaScript executing in the application's origin.
Video PoC:
https://github.com/GURJOTEXPERT/ritecms/blob/main/POC.mp4
Full write-up & repository:
https://github.com/GURJOTEXPERT/ritecms
## Mitigation:
- Encode every reflected value for the context it is written into (for an HTML attribute in PHP, `htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8')`), and validate input against an allowlist where the field has a known format.
- Enforce a Content Security Policy without `'unsafe-inline'` in `script-src` so that inline event handlers such as `onload=` are blocked; this is defence in depth and does not replace output encoding.
- Update RiteCMS to a patched version once the vendor releases one; until then, limit who can reach the administrative interface (for example by IP allowlist or VPN).
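The vulnerable output pattern beside its hardened form, as an added illustration; this is not RiteCMS source code (the advisory does not reproduce it). The field name `title`, the function names and the CSP string are assumptions made for the example:

```php
<?php
// Added illustrative example, not RiteCMS source code: the output pattern that
// produces a reflected XSS in a form field, beside its hardened counterpart.
// The field name "title" and all function names here are assumptions.

// Constructed input: the advisory's payload as it would arrive in $_GET.
$payload = '\'"><svg/onload=confirm(/xsss/)>';

// Vulnerable pattern: the request parameter is concatenated straight into an
// attribute value. The leading '" closes the quoted attribute, > closes the
// <input> tag, and the browser then parses <svg onload=...> as real markup
// and runs the handler as soon as the element is created.
function render_vulnerable(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Hardened pattern: context-aware output encoding for an HTML attribute.
// ENT_QUOTES encodes both ' and ", so the value cannot terminate the
// attribute; < and > become &lt; and &gt;, so no element is created.
function render_hardened(string $title): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="title" value="' . $safe . '">';
}

// Reflection check usable in a regression test: the payload must not appear
// verbatim anywhere in the rendered response.
function reflects_unencoded(string $html, string $payload): bool
{
    return str_contains($html, $payload);
}

// Defence in depth: a CSP without 'unsafe-inline' blocks inline event
// handlers such as onload= even if an encoding bug slips through. It must
// be sent before any response body.
function send_csp_header(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
        . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'");
}

$vulnerable = render_vulnerable($payload);
$hardened   = render_hardened($payload);

echo "vulnerable: " . $vulnerable . PHP_EOL;
echo "hardened:   " . $hardened . PHP_EOL;
echo "payload reflected unencoded (vulnerable)? "
    . var_export(reflects_unencoded($vulnerable, $payload), true) . PHP_EOL;
echo "payload reflected unencoded (hardened)?   "
    . var_export(reflects_unencoded($hardened, $payload), true) . PHP_EOL;
```

Run it with `php example.php` (PHP 8 or later, for `str_contains`): the first output line carries the payload intact and would execute in a browser, the second shows every quote and angle bracket as an entity, and `reflects_unencoded()` is the kind of check a test suite can keep around after the fix.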