Contexis 1.0 CMS Reflected XSS

2013.10.25

Credit: Juan Francisco

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2013-6239

CWE: CWE-79

Ogólna skala CVSS: 4.3/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 8.6/10

Wymagany dostęp: Zdalny

Złożoność ataku: Średnia

Autoryzacja: Nie wymagana

Wpływ na poufność: Brak

Wpływ na integralność: Częściowy

Wpływ na dostępność: Brak

CVE-2013-6239:Contexis 1.0 CMS, Reflected Xss

Severity: Medium

Vendor: exis-ti.com

Versions Affected: 1.0

Description: The contexist has be found the reflected XSS Vulnerability if
use the photo gallery model someone can insert xss code at the url
executing javascript codes on the web.

Exploit:

GET /publicas/galeria-imagenes/Galeria-XXXXX.html?action=detail&image=<XSS
code>

Solution: update to Contexis 2.0 CMS

Credit: This issue was discovered by  Juan Francisco Bolivar
es.linkedin.com/in/jfbolivar/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6239
-- 

Un saludo, Juan Francisco

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Contexis 1.0 CMS Reflected XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.