CI4MS Stored XSS Vulnerability in User Management

CI4MS, a CodeIgniter 4-based CMS skeleton designed for production environments, is vulnerable to a stored XSS flaw within its backend user management system. Versions prior to 0.31.0.0 fail to adequately sanitize user-supplied input before rendering it in the administrative interface. This allows a malicious actor to inject persistent JavaScript code that executes automatically whenever a backend user accesses the compromised page. Successful exploitation grants the attacker the ability to hijack user sessions, escalate privileges to gain higher access levels, and potentially achieve complete control over administrative accounts. Users are advised to upgrade to version 0.31.0.0 or later to mitigate this vulnerability.

Attack Chain

1. An attacker authenticates to the CI4MS backend with sufficient privileges to modify user profiles or other data within the user management section.
2. The attacker injects malicious JavaScript code into a user profile field, such as the “username,” “email,” or any other editable field that is not properly sanitized.
3. The crafted payload is submitted and stored in the CI4MS database without proper encoding or sanitization.
4. A backend administrator logs into the CI4MS administrative interface and navigates to the user management section.
5. The vulnerable page retrieves the unsanitized data containing the malicious JavaScript from the database and renders it in the administrator’s browser.
6. The injected JavaScript code executes within the administrator’s browser session, allowing the attacker to perform actions on behalf of the administrator.
7. The attacker can steal the administrator’s session cookie, allowing them to bypass authentication and gain persistent access to the administrative interface.
8. With administrative access, the attacker can install malware, modify system configurations, or exfiltrate sensitive data.

Impact

Successful exploitation of this stored XSS vulnerability in CI4MS can have severe consequences, potentially leading to complete compromise of the affected system. An attacker could gain full control over administrative accounts, allowing them to modify website content, install malicious plugins, or steal sensitive data. The vulnerability poses a significant risk to organizations using vulnerable versions of CI4MS to manage their websites.

Recommendation

• Upgrade CI4MS to version 0.31.0.0 or later to patch the vulnerability.
• Deploy the Sigma rule Detect CI4MS XSS Attempt via HTTP POST to identify potential exploitation attempts.
• Implement input validation and output encoding/escaping on all user-supplied data within the CI4MS application to prevent future XSS vulnerabilities.