CVE-2023-48201 Sunlight CMS version 8.0.1 Vulnerability

CVE-2023-48201 is a high-severity Cross-Site Scripting (XSS) vulnerability discovered in Sunlight CMS version 8.0.1. This vulnerability allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component of the CMS. Specifically, the vulnerability has been identified in the Create/Edit Article function of Sunlight CMS.

The vulnerability is classified as CWE-79: Cross-site Scripting (XSS) – Stored, indicating that it involves the storage of malicious JavaScript code on the server, which is later executed in the browser of a user viewing the affected content. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.0, which is considered high. The CVSS vector is noted as CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

In a detailed scenario, a user belonging to the ‘Editors’ group, or any group with permissions to create and edit articles, can inject malicious JavaScript into the ‘Content’ text editor. When an Administrator or Super Administrator views the approved article, the malicious code is executed. This vulnerability allows a low-privileged user to escalate their privileges, potentially gaining administrative or super administrative access. This access enables the malicious user to create, edit, and delete content in the CMS, manage users with various privileges, and access the database through backup functionalities.

Impact:

CVE-2023-48201 is a Stored Cross-Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1. It allows authenticated low-privileged users, such as those in the ‘Editors’ group, to escalate their privileges. By injecting malicious JavaScript code into the ‘Content’ text editor of an article, the attacker can execute this code when the article is viewed by an Administrator or Super Administrator. This vulnerability can lead to unauthorized privilege escalation, enabling the attacker to create, edit, and delete content, manage users with different privileges, and access the database using the CMS’s backup functionality​​​​.

Mitigation/Remediation:

The recommended mitigation for this vulnerability is to sanitize the Article content before inserting it into the database. Sanitization involves removing or neutralizing any potentially harmful scripts or elements in the content, ensuring they cannot execute malicious actions when rendered in a user’s browser. This approach helps prevent the execution of arbitrary scripts and reduces the risk of privilege escalation and other malicious activities​​.

Affected Systems:

The specific system affected by CVE-2023-48201 is Sunlight CMS version 8.0.1. Sunlight CMS is a content management system, and this particular vulnerability is present in the Create/Edit Article function of the CMS. It’s crucial for administrators and users of Sunlight CMS v.8.0.1 to be aware of this vulnerability and apply necessary security measures to mitigate the risk​​​​.

For further technical details and updates regarding CVE-2023-48201, you can refer to the sources mentioned, including the original report by Mechaneus Security Research and Bug Hunting, as well as information from Tenable, CVE-Search, OpenCVE, and CXSecurity.