Message-Id: <201705030927.v439Re0a001076@sf01web3.securityfocus.com>
Date: Wed, 3 May 2017 09:27:40 GMT
From: Leon.Zhao.7@...il.com
To: bugtraq@...urityfocus.com
Subject: Mura CMS Cross-Site Scripting (XSS) Vulnerability

Credits
===============
Zhao Liang, Huawei Weiran Labs

Vendor:
===============
Blue River Interactive Group

Product:
========================
Mura CMS
Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websites.

Vulnerability Type:
================================
XSS

CVE Reference:
==============
CVE-2017-8302

Vulnerability Details:
=====================
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm.

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Best Regards,
Zhao Liang, Huawei Weiran Labs