Message-ID: <CAMWaY3PmJkBs6HjOz7-iad6GckOueGGMgBCPgebKHd56sB5Ekg@mail.gmail.com>
Date: Sat, 12 Dec 2015 20:22:09 +0530
From: CSW Research Lab <disclose@...ersecurityworks.com>
To: fulldisclosure@...lists.org
Subject: [FD] SilverStripe CMS & Framework v3.2.0 – Cross-Site Scripting Vulnerability
================================================================
SilverStripe CMS & Framework v3.2.0 – Cross-Site Scripting Vulnerability
================================================================
Information
**********************
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.2.0
Severity: Medium
Author: Arjun Basnet
CVE-ID: N/A
Homepage: https://www.silverstripe.org/download/
Description
***********************
SilverStripe CMS is prone to a cross-site scripting vulnerability because it
fails to sanitize user-supplied input before rendering it. An attacker may
leverage this issue to execute arbitrary script code in the browser of an
unsuspecting user of the affected site.
Proof of Concept URL
***************************
[+]
http://192.168.56.101/SilverStripe/admin/security/EditForm/field/Members/item/new/ItemEditForm
Severity Level:
=========================================================
Medium
Description:
==========================================================
Vulnerable Product:
[+] SilverStripe CMS & Framework v3.2.0
Vulnerable Parameter(s):
[+] Locale
[+] FailedLoginCount
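As an added defender-side illustration (not part of this advisory and not SilverStripe's own code), the Python below contrasts the unsafe pattern the description refers to, raw field values placed into markup, with output escaping and input validation for the two parameters named above. The sample member record, the expected locale format (language_COUNTRY) and all function names are assumptions made for the example.

```python
import html
import re

# Constructed sample record: what a stored Member might carry if the admin edit
# form accepted raw input. Values are hypothetical, not taken from the advisory.
SAMPLE_MEMBER = {
    "Locale": 'en_US"><script>constructed</script>',
    "FailedLoginCount": "3<script>constructed</script>",
}

# Assumption: locales look like "en" or "en_US"; anything else is rejected.
LOCALE_RE = re.compile(r"^[a-z]{2,3}(_[A-Z]{2})?$")


def render_unsafe(member):
    """Vulnerable pattern: field values concatenated into HTML unescaped,
    so a stored value can close the attribute and inject markup."""
    return "".join(
        f'<input name="{k}" value="{v}">' for k, v in member.items()
    )


def render_escaped(member):
    """Hardened pattern: every value is HTML-escaped at output time
    (quote=True also escapes " and ', which matters inside attributes)."""
    return "".join(
        f'<input name="{html.escape(k)}" value="{html.escape(v, quote=True)}">'
        for k, v in member.items()
    )


def validate_member(member):
    """Input-side check, complementary to output escaping: a locale must match
    the expected code format and a login counter must be a non-negative integer.
    Returns a dict of field -> reason for every rejected field (empty if valid)."""
    errors = {}
    locale = member.get("Locale", "")
    if not LOCALE_RE.match(locale):
        errors["Locale"] = "not a locale code"
    count = member.get("FailedLoginCount", "")
    if not (isinstance(count, str) and count.isdigit()):
        errors["FailedLoginCount"] = "not a non-negative integer"
    return errors


def contains_script_tag(markup):
    """Detection helper for the demo: does rendered markup carry a live <script> tag?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("unsafe :", render_unsafe(SAMPLE_MEMBER))
    print("escaped:", render_escaped(SAMPLE_MEMBER))
    print("errors :", validate_member(SAMPLE_MEMBER))
```

Escaping at the point of output is the fix that closes the bug regardless of how the value got into the database; the validation step is defence in depth, since neither field has any legitimate reason to contain markup characters.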
Advisory Timeline
************************
05-Nov-2015 - Reported
11-Nov-2015 - Vendor response
16-Nov-2015 - Vendor fixed
12-Dec-2015 - Publicly disclosed
Fixed Version:
*****************
[+] SilverStripe CMS & Framework v3.2.1
References
*****************
[+] http://www.silverstripe.org/download/security-releases/ss-2015-026
[+] https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Credits & Authors
--------------------
Arjun Basnet from Cyber Security Works Pvt. Ltd. (http://cybersecurityworks.com)
--
----------
Cheers !!!
Team CSW Research Lab <http://www.cybersecurityworks.com>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/