lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALH-=7xLL2+_pmuvMGVzfuoW-7qfKnuUOoz+SfJYH8x64-=GrQ@mail.gmail.com> Date: Sun, 4 Jan 2015 16:09:28 +0100 From: Steffen Rösemann <steffen.roesemann1986@...il.com> To: fulldisclosure@...lists.org Subject: [FD] Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0 Advisory: Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0 Advisory ID: SROEADV-2014-06 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Vendor URL: http://www.sefrengo.org/ Vendor Status: solved CVE-ID: - ========================== Vulnerability Description: ========================== The CMS Sefrengo v. 1.6.0 contains a reflecting XSS vulnerability in its administrative backend. ================== Technical Details: ================== The CMS Sefrengo v.1.6.0 contains a reflecting XSS vulnerability in its administrative backend, which resides in the main.php file: http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=&page=1 Via the parameter "searchterm", an attacker is able to craft a link with arbitrary HTML- and/or JavaScript-code which gets executed, if clicked on. Exploit-Example: http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=<script>alert(document.cookie)</script><!--&page=1 ========= Solution: ========= Update to the latest version. ==================== Disclosure Timeline: ==================== 28-Dec-2014 – found the vulnerability 28-Dec-2014 - informed the developers 28-Dec-2014 – release date of this security advisory [without technical details] 04-Jan-2015 - patch by vendor 04-Jan-2015 - release date of this security advisory 04-Jan-2015 - post to lists ======== Credits: ======== Vulnerability found and advisory written by Steffen Rösemann. =========== References: =========== http://www.sefrengo.org/ http://sroesemann.blogspot.de _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists