lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <71e70459-0b3c-f63c-d007-6927b1181418@secureli.com>
Date: Thu, 9 May 2019 09:06:19 -0400
From: John Martinelli <john@...ureli.com>
To: "bugtraq@...uritufocus.com" <bugtraq@...uritufocus.com>,
 "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] dotCMS v5.1.1 Vulnerabilities

Hello,

I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable 
open source dependencies.

Full security write up: 
http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/

The details:

/ROOT/html/js/scriptaculous/prototype.js

↳ prototypejs 1.5.0
prototypejs 1.5.0 has known vulnerabilities: severity: high; CVE: 
CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/ 
http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/

ROOT/assets/3/6/36c22c5d-c813-4869-a4b7-fcc10a74e8b6/fileAsset/jquery.min.js

↳ jquery 1.9.1
jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, 
summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; 
https://github.com/jquery/jquery/issues/2432 
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ 
https://nvd.nist.gov/vuln/detail/CVE-2015-9251 
http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: 
CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in 
event handlers; https://bugs.jquery.com/ticket/11974 
https://nvd.nist.gov/vuln/detail/CVE-2015-9251 
http://research.insecurelabs.org/jquery/test/ severity: low; CVE: 
CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, 
Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) 
because of Object.prototype pollution; 
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ 
https://nvd.nist.gov/vuln/detail/CVE-2019-11358 
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

ROOT/assets/5/1/515cba4e-ac64-4523-b683-8e38329e7f46/fileAsset/bootstrap.min.js
↳ bootstrap 3.2.0
bootstrap 3.2.0 has known vulnerabilities: severity: high; issue: 28236, 
summary: XSS in data-template, data-content and data-title properties of 
tooltip/popover, CVE: CVE-2019-8331; 
https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 
20184, summary: XSS in data-target property of scrollspy, CVE: 
CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: 
medium; issue: 20184, summary: XSS in collapse data-parent attribute, 
CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 
severity: medium; issue: 20184, summary: XSS in data-container property 
of tooltip, CVE: CVE-2018-14042; 
https://github.com/twbs/bootstrap/issues/20184

ROOT/assets/9/9/99c7ffe7-e1c2-407f-85b7-ec483dbcf6f1/fileAsset/jquery.min.js
↳ jquery 3.3.1
jquery 3.3.1 has known vulnerabilities: severity: low; CVE: 
CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, 
Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) 
because of Object.prototype pollution; 
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ 
https://nvd.nist.gov/vuln/detail/CVE-2019-11358 
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

ROOT/assets/f/6/f6fa6b13-3a96-4cbf-9a75-19a40137f05a/fileAsset/jquery.min.js

↳ jquery 1.9.1
jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, 
summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; 
https://github.com/jquery/jquery/issues/2432 
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ 
https://nvd.nist.gov/vuln/detail/CVE-2015-9251 
http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: 
CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in 
event handlers; https://bugs.jquery.com/ticket/11974 
https://nvd.nist.gov/vuln/detail/CVE-2015-9251 
http://research.insecurelabs.org/jquery/test/ severity: low; CVE: 
CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, 
Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) 
because of Object.prototype pollution; 
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ 
https://nvd.nist.gov/vuln/detail/CVE-2019-11358 
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

ROOT/assets/4/a/4a5a727f-369b-49e0-bff5-42d9efb4ba90/fileAsset/jquery-2.1.1.min.js

↳ jquery 2.1.1.min
jquery 2.1.1.min has known vulnerabilities: severity: medium; issue: 
2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; 
https://github.com/jquery/jquery/issues/2432 
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ 
https://nvd.nist.gov/vuln/detail/CVE-2015-9251 
http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: 
CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in 
event handlers; https://bugs.jquery.com/ticket/11974 
https://nvd.nist.gov/vuln/detail/CVE-2015-9251 
http://research.insecurelabs.org/jquery/test/ severity: low; CVE: 
CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, 
Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) 
because of Object.prototype pollution; 
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ 
https://nvd.nist.gov/vuln/detail/CVE-2019-11358 
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

ROOT/html/js/dojo/custom-build/dojo/dojo.js

↳ dojo 1.8.6
dojo 1.8.6 has known vulnerabilities: severity: medium; PR: 307; 
https://github.com/dojo/dojo/pull/307 
https://dojotoolkit.org/blog/dojo-1-14-released

ROOT/html/js/tinymce/js/tinymce/tinymce.min.js

↳ tinyMCE 4.1.6
tinyMCE 4.1.6 has known vulnerabilities: severity: medium; summary: xss 
issues with media plugin not properly filtering out some script 
attributes.; https://www.tinymce.com/docs/changelog/ severity: medium; 
summary: FIXED so script elements gets removed by default to prevent 
possible XSS issues in default config implementations; 
https://www.tinymce.com/docs/changelog/ severity: medium; summary: FIXED 
so links with xlink:href attributes are filtered correctly to prevent 
XSS.; https://www.tinymce.com/docs/changelog/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ