List: bugtraq
Subject: [CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module
From: ali.hussein () helpag ! com
Date: 2014-01-23 19:00:12
Message-ID: 201401231900.s0NJ0C25028466 () sf01web1 ! securityfocus ! com
Advisory ID: hag2014101
Product: EventCalendar
Vendor: Drupal
Vulnerable Version(s): Drupal 7.14 and probably newer versions
Tested Version: Drupal 7.14
Advisory Publication: January 23, 2014
Vendor Notification: November 20, 2013
Public Disclosure: January 23, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-1607
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution not yet released
Discovered and Provided: help AG Middle East
-----------------------------------------------------------------------------------------------
About the vendor:
Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.

Advisory Details:
During a penetration test, Help AG auditors (Ali & Khalilov) discovered the following:
A reflected cross-site scripting (XSS) vulnerability in the Drupal 7.14 EventCalendar module, in the eventcalendar/year path, allows remote attackers to inject arbitrary web script or HTML through the improperly sanitized Year parameter. An adversary might use this vulnerability as follows: an onmouseover payload injected after the year was executed successfully.
As proof of concept, one needs to access the following path on the vulnerable website:
eventcalander/2013%22%20onmouseover%3dalert%28%27XSSed%27%29%20bad%3d%22
Attackers could craft malicious URLs, send them to users, and use them to steal cookies or otherwise compromise the application.
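For readers who maintain Drupal sites or modules, the following is an added example (not code from the Event Calendar module, from Drupal, or from this advisory's authors) of what the unsafe pattern behind CWE-79 looks like in a Drupal 7 menu callback, next to a hardened version that validates the year at the router and escapes it again at output. The function names (eventcalendar_*), the markup and the accepted year range are assumptions made for the example.

```php
<?php
// Added example, not code from the Event Calendar module or from Drupal: a
// minimal Drupal 7 module sketch for the eventcalendar/year path, showing the
// unsanitized-attribute pattern behind CWE-79 next to a hardened version.
// Function names (eventcalendar_*), the markup and the year range are assumptions.

/**
 * Implements hook_menu().
 *
 * The %eventcalendar_year placeholder routes the path component through
 * eventcalendar_year_load(); when that returns FALSE, Drupal 7's router
 * serves a 404 and the page callback is never reached.
 */
function eventcalendar_menu() {
  $items['eventcalendar/%eventcalendar_year'] = array(
    'title' => 'Event calendar',
    'page callback' => 'eventcalendar_year_page',
    'page arguments' => array(1),
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Menu load callback: accept only a four-digit year in a plausible range.
 *
 * Returning an int instead of the raw string is the core of the fix: a path
 * component that is not exactly four digits never reaches the output stage.
 */
function eventcalendar_year_load($arg) {
  if (!preg_match('/^\d{4}$/', $arg)) {
    return FALSE;
  }
  $year = (int) $arg;
  // Assumed bounds for this calendar.
  return ($year >= 1970 && $year <= 2100) ? $year : FALSE;
}

/**
 * Unsafe pattern, kept only for contrast: the path argument is concatenated
 * straight into an HTML attribute. A double quote in the value closes the
 * attribute early, so anything after it (an onmouseover handler, say) is
 * parsed as part of the tag. That is the reflected XSS class this advisory
 * reports.
 */
function eventcalendar_year_page_unsafe($year) {
  return '<div class="calendar" data-year="' . $year . '">Events in ' . $year . '</div>';
}

/**
 * Hardened page callback.
 *
 * $year has already been validated by the load callback, but the value is
 * still escaped at the output boundary (defence in depth): check_plain()
 * turns <, >, &, " and ' into entities, and t() escapes @-placeholders the
 * same way, so neither can break out of the attribute or the text node.
 */
function eventcalendar_year_page($year) {
  $safe_year = check_plain($year);
  return array(
    '#markup' => '<div class="calendar" data-year="' . $safe_year . '">'
      . t('Events in @year', array('@year' => $year))
      . '</div>',
  );
}
```

The same treatment applies to any other place a module reads the year, for example via arg() or $_GET: validate to the expected type first, then escape with check_plain() at output, or with filter_xss() where a restricted subset of HTML genuinely has to be allowed. On the detection side, the encoded payload shape in the advisory's proof-of-concept path (a %22 quote followed by an on* attribute name inside the year component) appears verbatim in web server access logs, so a WAF or log rule keyed on that shape in the eventcalendar path catches attempts at the edge while the module remains unpatched.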
-----------------------------------------------------------------------------------------------
Solution:
The vendor was notified; contact the vendor for patch details.
-----------------------------------------------------------------------------------------------
References:
[1] help AG Middle East - http://www.helpag.com/
[2] Drupal - https://drupal.org/
[3]
[4] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[5] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible.