lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Feb 2018 05:38:42 GMT From: preethiknambiar@...il.com To: bugtraq@...urityfocus.com Subject: Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 1. Introduction Vendor : Yab Affected Product : Quarx through 2.4.3 Fixed in : Quarx 2.4.5 and 2.4.6 Vendor Website : https://quarxcms.com/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7274 2. Technical Description There are multiple Persistent XSS vulnerabilities in Quarx Content Management System. These vulnerabilities exists due to insufficient sanitization of user-supplied data. 3. Affected pages and parameters: Blog -> 'Title' FAQ -> 'Question' Pages -> 'Title' Widgets -> 'Name' Menus -> 'Name' 5. Credit Preethi Koroth (@p3core0ath) 6. Reference: https://github.com/YABhq/Quarx/issues/115