How the CVE Works
CVE-2025-29389 is a stored Cross-Site Scripting (XSS) vulnerability in PbootCMS v3.2.9. The flaw exists in the `admin.php?p=/Content/index/mcode/2tab=t2` endpoint due to improper input sanitization. Attackers can inject malicious JavaScript payloads via crafted HTTP requests, which are then executed when an administrator views the affected content section. The vulnerability arises from insufficient output encoding in the content management interface, allowing persistent script execution within the admin panel.
DailyCVE Form
Platform: PbootCMS
Version: 3.2.9
Vulnerability: Stored XSS
Severity: Critical
Date: 04/15/2025
What Undercode Say:
Exploitation
1. Craft Payload:
<script>alert(document.cookie)</script>
2. Exploit via Curl:
curl -X POST -d "content=<malicious_script>" "http://target.com/admin.php?p=/Content/index/mcode/2"
3. Trigger XSS:
Admin visits `/Content/index/mcode/2tab=t2`, executing the payload.
Protection
1. Input Sanitization:
$content = htmlspecialchars($_POST['content'], ENT_QUOTES, 'UTF-8');
2. WAF Rules:
location ~ admin\.php { modsecurity on; modsecurity_rules 'SecRule ARGS "@rx (?i)<script" "id:1001,phase:2,deny,status:403,msg:\'XSS Attempt\'"'; }
3. Patch Upgrade:
composer update pbootcms/core
Detection
1. Log Analysis (the access log records only the request line, so this finds payloads carried in the query string, not in POST bodies):
grep "POST /admin.php" /var/log/nginx/access.log | grep -i "script"
2. Vulnerability Scan:
nuclei -t xss.yaml -u http://target.com/admin.php
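Added example, not code from the original page or from PbootCMS: a small Python scanner that URL-decodes each request target before matching, so encoded payloads that the plain `grep -i script` above can miss are still flagged. It assumes the default nginx "combined" log format; the sample log lines are constructed.

```python
"""Scan nginx access-log lines for script-injection indicators in admin.php
requests, URL-decoding the target first so encoded payloads (%3Cscript%3E)
that a plain `grep -i script` can miss are still flagged."""
import re
from urllib.parse import unquote_plus

# Default nginx "combined" log format (assumed; adjust to your log_format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \d+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')
# Script-injection indicators, matched case-insensitively after decoding.
XSS_RE = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo percent-encoding, repeating for double-encoded input until stable."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return a finding for a suspicious admin.php request, or None.
    Only the request line is logged: POST bodies never reach the access log,
    so a payload carried in the body is invisible here (query strings are not)."""
    m = LOG_RE.match(line)
    if not m or "admin.php" not in m.group("target"):
        return None
    decoded = decode_fully(m.group("target"))
    hit = XSS_RE.search(decoded)
    if not hit:
        return None
    return {"ip": m.group("ip"), "method": m.group("method"),
            "status": int(m.group("status")), "indicator": hit.group(0),
            "decoded_target": decoded}

def scan(lines):
    """Inspect every line and collect the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Apr/2025:10:01:02 +0000] "POST /admin.php?p=/Content/index/mcode/2&content=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '198.51.100.4 - - [15/Apr/2025:10:02:15 +0000] "GET /admin.php?p=/Content/index/mcode/2 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Apr/2025:10:03:40 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Apr/2025:10:04:09 +0000] "GET /admin.php?p=/Content/index&x=%253Cscript%253E HTTP/1.1" 200 300 "-" "curl/8.5.0"',
]
```

Calling `scan(SAMPLE_LOG)` returns two findings (the single- and double-encoded admin.php requests) and ignores the benign admin request and the non-admin path.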
Mitigation
1. Disable Vulnerable Module:
// config.php
define('DISABLE_MCODE_2', true);
2. CSP Header:
Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29389
- Patch: PbootCMS GitHub Advisory 29389
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode