[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAB0hXMpbNmG-NiKavfsBMp+giTDxF+svB-YwynhYF7-ZUm2OTw@mail.gmail.com>
Date: Tue, 12 Jan 2016 15:34:58 -0600
From: Peter Lapp <lappsec@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] EasyDNNnews Reflected XSS
Details
=======
Product: EasyDNNnews
Vulnerability: Reflected XSS
Author: Peter Lapp, lappsec () gmail com
CVE: None
Vulnerable Versions: <7.5
Fixed Version: 7.5
Summary
=======
>From the vendor's website: "EasyDNNnews is a very powerful DotNetNuke
module that enables non-technical users to publish and manage articles,
news, press releases, stories and editorials."
During an engagement it was discovered that reflected XSS could be achieved
in two locations by appending a bogus GET parameter that contained
JavaScript in the parameter name. After alerting EasyDNNsolutions of the
vulnerability, they informed me that one of the vulnerabilities had already
been fixed and the other would be fixed in an upcoming release.
Example
=================
http://targetsite.com/Blog/Details/blog-post?%3C/script%3E%3Cscript%3Ealert%280%29%3C/script%3E=1
Solution
========
Upgrade to 7.5
Timeline
========
08/31/15 - Contacted EasyDNNnews about the vulnerability.
09/01/15 - Vendor responds and says the first vulnerability has been fixed
and the other will be in the next release, which was 7.5.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists