List:       oss-security
Subject:    [oss-security] CVE Request - BigTree CMS - Stored XSS while creating a new user
From:       Anirudh Anand <anirudhanand722 () gmail ! com>
Date:       2015-06-26 17:12:46
Message-ID: CAMntfF29sAAROb6dwGSkk0+t+DLAgrX6aShHhyJReK=nbup10w () mail ! gmail ! com

Hello all,

BigTree CMS is a popular Content Management System written in PHP. While
creating a new user, the "*Name*" and "*Company*" parameters are not
properly sanitized and it leads to stored XSS.

*Date:* 25th June, 2015

*Exploit Author:* Anirudh Anand

*Vendor Homepage*: https://www.bigtreecms.org/

*Software Link:* https://www.bigtreecms.org/download/

*Version:* < 4.2.2

*Tested on:* Linux:- Ubuntu, Debian


The issue has been successfully reported to the vendor and they have released
an update for the same.

*References:*

*Bug Report:* https://github.com/bigtreecms/BigTree-CMS/issues/205

*Fix Released:*
https://github.com/bigtreecms/BigTree-CMS/commit/e13aa4795cdeb1ab1dc0f5fd0b66df2d1296591d

-- 

Anirudh Anand
bi0s@AMRITA
www.securethelock.com

*"Those who Say it cannot be done, should not interrupt the people doing
it"*

