Title: Stored Cross-Site Scripting in TYPO3 Bookmarks
CVE ID: CVE-2016-4056
CVSSv3 Base Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Products: TYPO3 Core (6.2.x)
Advisory Release Date: 24 February 2016
Advisory URL: https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks
Credits: Discovery by Filipe Reis <fr[at]integrity.pt>
TYPO3 core is vulnerable to stored cross-site scripting, which can be exploited when a new bookmark is created.
To replicate this issue, go to any page and click on "Create a bookmark to this page".
Then capture the POST request that is sent to the server and change the "module" parameter to your payload.
The response of this request will be the following:
The page then redirects, and the stored XSS is present.
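
The class of fix for a stored "module" value, as an added example that is not part of the original advisory and is not TYPO3's own code: validate the parameter against known module identifiers when the bookmark is saved, and HTML-encode it when the bookmark is rendered. The function names, the allowlist contents and the assumed HTML rendering context are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist (constructed sample values); a real application
// would build this from its own module registry.
const KNOWN_MODULES = ['web_layout', 'web_list', 'file_list'];

/** Vulnerable pattern (hypothetical): the stored "module" value is emitted as-is. */
function renderBookmarkUnsafe(array $bookmark): string
{
    return '<a class="bookmark" data-module="' . $bookmark['module'] . '">'
        . $bookmark['module'] . '</a>';
}

/** Input side: accept only module identifiers the application knows. */
function validateModule(string $module): string
{
    if (!in_array($module, KNOWN_MODULES, true)) {
        throw new InvalidArgumentException('Unknown module identifier');
    }
    return $module;
}

/** Output side: encode for HTML text and quoted-attribute context. */
function renderBookmarkSafe(array $bookmark): string
{
    $m = htmlspecialchars($bookmark['module'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a class="bookmark" data-module="' . $m . '">' . $m . '</a>';
}

// Constructed sample inputs: one legitimate identifier, one carrying markup.
$samples = ['web_list', '"><b>not-a-module</b>'];
foreach ($samples as $value) {
    try {
        validateModule($value);
        $status = 'accepted';
    } catch (InvalidArgumentException $e) {
        $status = 'rejected';
    }
    // Encoding on output also neutralises rows stored before validation existed.
    echo $status, ' => ', renderBookmarkSafe(['module' => $value]), PHP_EOL;
}
```

Validation on save stops new malformed values from being stored, while encoding on output covers bookmarks that were already saved with markup in the field.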