CVE-2023-43878

MEDIUM

Rite CMS 3.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-43878. PoCs published by sromanhu.

AI-analyzed exploit summary This repository demonstrates a stored XSS vulnerability in Rite CMS v3.0, where malicious payloads can be injected into the 'Name', 'Title', 'Link', and 'Accesskey' fields of the Main Menu in the Administration panel. The provided payload executes arbitrary JavaScript when rendered in the web interface.

Description

Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu.

Exploits (1)

nomisec WORKING POC

by sromanhu · poc

https://github.com/sromanhu/CVE-2023-43878-RiteCMS-Stored-XSS---MainMenu

View Code ZIP pw:eip

This repository demonstrates a stored XSS vulnerability in Rite CMS v3.0, where malicious payloads can be injected into the 'Name', 'Title', 'Link', and 'Accesskey' fields of the Main Menu in the Administration panel. The provided payload executes arbitrary JavaScript when rendered in the web interface.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Rite CMS v3.0

Auth required

Prerequisites: Access to the Rite CMS administration panel · Ability to add or edit Main Menu items

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/sromanhu/RiteCMS-Stored-XSS---MainMenu/blob/main/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0049

EPSS Percentile 38.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

ritecms/ritecms 3.0

Published Sep 28, 2023

Tracked Since Feb 18, 2026