List: oss-security
Subject: [oss-security] CVE Request - BigTree CMS - Stored XSS while creating a new user
From: Anirudh Anand <anirudhanand722 () gmail ! com>
Date: 2015-06-26 17:12:46
Message-ID: CAMntfF29sAAROb6dwGSkk0+t+DLAgrX6aShHhyJReK=nbup10w () mail ! gmail ! com
Hello all,

BigTree CMS is a popular Content Management System written in PHP. While
creating a new user, the "*Name*" and "*Company*" parameters are not
properly sanitized and it leads to stored XSS.

*Date:* 25th June, 2015
*Exploit Author:* Anirudh Anand
*Vendor Homepage:* https://www.bigtreecms.org/
*Software Link:* https://www.bigtreecms.org/download/
*Version:* < 4.2.2
*Tested on:* Linux:- Ubuntu, Debian

The issue has been successfully reported to the vendor and they have released
an update for the same.

*References:*
*Bug Report:* https://github.com/bigtreecms/BigTree-CMS/issues/205
*Fix Released:*
https://github.com/bigtreecms/BigTree-CMS/commit/e13aa4795cdeb1ab1dc0f5fd0b66df2d1296591d

--
Anirudh Anand
bi0s@AMRITA
www.securethelock.com
*"Those who Say it cannot be done, should not interrupt the people doing
it"*