Message-ID: <CAMWaY3NbVOkOK+fgAmG3whFqEwnJa+vi3-NJ5Rhmy5HVRVgt=A@mail.gmail.com>
Date: Sat, 12 Dec 2015 20:25:10 +0530
From: CSW Research Lab <disclose@...ersecurityworks.com>
To: fulldisclosure@...lists.org
Subject: [FD] Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities

================================================================
Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities
================================================================

Information
**********************

Vulnerability Type : Multiple Persistent Cross Site Scripting Vulnerabilities
Vulnerable Version : 2.6.3
Severity: Medium
Author – Arjun Basnet
CVE-ID: N/A
Homepage: http://www.getsymphony.com/

Description
***********************

Bedita is prone to multiple persistent cross-site scripting
vulnerabilities because it fails to sanitize user-supplied input. An
attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user of the affected site.

Proof of Concept URL
***************************

[+] http://localhost/symphony/symphony/system/preferences/success/

Affected Area
*****************

[+] http://localhost/symphony/symphony/system/preferences/

Payload
=======================

"><script>alert(1);</script>

Advisory Information:
================================================
Symphony CMS XSS Vulnerability


Severity Level:
=========================================================
High

Description:
==========================================================

Vulnerable Product
*************************

[+] Symphony  2.6.3

Vulnerable Parameter(s)
******************************
email_sendmail[from_name]
email_sendmail[from_address]
email_smtp[from_name]
email_smtp[from_address]
email_smtp[host]
email_smtp[port]
it_image_manipulation[trusted_external_sites]
maintenance_mode[ip_whitelist]


Advisory Timeline
************************

03-Nov-2015- Reported
05-Nov-2015- Vendor Response
10-Dec-2015- Vendor Released Fixed version
12-Dec-2015- Publicly disclosed

Fixed Version:
*****************

[+]  Symphony 2.6.4 (http://www.getsymphony.com/download/)


Reference
*****************

[+] https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)


Credits & Authors
************************
Arjun Basnet from Cyber Security Works Pvt. Ltd. (http://cybersecurityworks.com)

-- 
----------
Cheers !!!

Team CSW Research Lab <http://www.cybersecurityworks.com>
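
Added example (not part of the original advisory and not Symphony's own code): the class of fix for stored values such as the email_smtp[...] parameters listed above, showing unencoded output beside encoded output plus type validation before storage. The helper names, the form markup and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not Symphony's code; helper names are hypothetical.
// Constructed sample submission: the advisory's payload in one listed field.
$submitted = [
    'from_name'    => '"><script>alert(1);</script>',
    'from_address' => 'admin@example.com',
    'host'         => 'smtp.example.com',
    'port'         => '25',
];

// Encode a stored value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak pattern: the stored value is concatenated into the attribute as-is,
// so a quote character in the value ends the attribute.
function render_unsafe(string $name, string $value): string
{
    return '<input name="' . $name . '" value="' . $value . '" />';
}

// Corrected pattern: every dynamic part is encoded at output time.
function render_safe(string $name, string $value): string
{
    return '<input name="' . e($name) . '" value="' . e($value) . '" />';
}

// Type validation for the non-free-text fields before they are stored
// (FILTER_VALIDATE_DOMAIN needs PHP 7 or later). Returns rejected keys.
function invalid_smtp_fields(array $in): array
{
    $bad = [];
    if (filter_var($in['from_address'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'from_address';
    }
    $host = $in['host'] ?? '';
    if (filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false
        && filter_var($host, FILTER_VALIDATE_IP) === false) {
        $bad[] = 'host';
    }
    $range = ['options' => ['min_range' => 1, 'max_range' => 65535]];
    if (filter_var($in['port'] ?? '', FILTER_VALIDATE_INT, $range) === false) {
        $bad[] = 'port';
    }
    return $bad;
}

echo render_unsafe('email_smtp[from_name]', $submitted['from_name']), "\n";
echo render_safe('email_smtp[from_name]', $submitted['from_name']), "\n";
```

from_name is free text, so it cannot be constrained by type and depends on the output encoding; the typed fields (address, host, port) can additionally be rejected at save time with invalid_smtp_fields().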
