'[FD] CMS Made Simple 2.2.5 [Stored Cross-Site Scripting]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] CMS Made Simple 2.2.5 [Stored Cross-Site Scripting]
From:       Kyaw Min Thein <weev3 () outlook ! com>
Date:       2018-01-22 4:17:45
Message-ID: SN1PR0501MB211083991DB6295749C13B68EEEC0 () SN1PR0501MB2110 ! namprd05 ! prod ! outlook ! com
[Download RAW message or body]

1.OVERVIEW

CMS Made Simple version 2.2.5 is vulnerable to Stored Cross-Site Scripting.

2. PRODUCT DESCRIPTION

CMS Made Simple is open source CMS for developing website.

3. VULNERABILITY DESCRIPTION

The CMS Made Simple version 2.2.5 in admin/addbookmark.php didn't validate =
correctly in title parameter, so it can be execute as malicious javascript =
code.

4. VERSIONS AFFECTED

2.2.5 and can below.

5. PROOF-OF-CONCEPT

https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/
[https://kyawminthein901497298.files.wordpress.com/2018/01/stored-xss.png]<=
https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/>

CMS 2.2.5 Stored Cross-Site Scripting<https://kyawminthein901497298.wordpre=
ss.com/2018/01/22/the-journey-begins/>
CVE-2018-5963 CMS Made Simple (CMSMS) 2.2.5 has Stored XSS in admin/addbook=
mark.php via the title parameter. After this request, website will pop-up T=
he Add Shortcut title  field is not properly sa=85
kyawminthein901497298.wordpress.com

6. IMPACT

This occurs when web application fails to sanitize correctly, so malicious =
attacker can execute javascript code.

7. SOLUTION

Should some sanitize every user input field.

8. VENDOR

CMS Made Simple version 2.2.5

9. CREDIT

This vulnerability was discovered by Kyaw Min Thein,
https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/
[https://kyawminthein901497298.files.wordpress.com/2018/01/stored-xss.png]<=
https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/>

CMS 2.2.5 Stored Cross-Site Scripting<https://kyawminthein901497298.wordpre=
ss.com/2018/01/22/the-journey-begins/>
CVE-2018-5963 CMS Made Simple (CMSMS) 2.2.5 has Stored XSS in admin/addbook=
mark.php via the title parameter. After this request, website will pop-up T=
he Add Shortcut title  field is not properly sa=85
kyawminthein901497298.wordpress.com

10. DISCLOSURE TIME-LINE

1-19-2018 vulnerability reported to vendor
1-21-2018 notified vendor and vendor said they will not give features for u=
sing admin permission
1-22-2018 assigned as CVE-2018-5963 by mitre

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread] 