Mephisto blog is vulnerable to XSS

2007-03-30 / 2007-03-31
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Hello everyone!

The current bleeding-edge version of Mephisto blog is vulnerable to XSS. The comment author's name field accepts JavaScript code. If the admin approves or rejects comments manually, they have to load all unapproved comments, so it is possible to fetch their session id.

Example

Add a new comment with the following author name:

    <script>alert (document.cookie)</script>

Then open this comment from the admin's overview section - you will see a message box with the cookie. If you approve your comments manually, check the list of pending comments.

How to fix it

Patch for <approot>/app/helpers/application_helper.rb :

    5c5
    < return comment.author if comment.author_url.blank?
    ---
    > return h(comment.author) if comment.author_url.blank?

Best wishes!
Sergey Tikhonov
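Review bot: the change at line 5 escapes comment.author only on the early-return path taken when author_url is blank; the branch that runs when a commenter does supply a URL is not part of this patch, so confirm that it also wraps comment.author in h() and escapes comment.author_url before it is placed in the link, otherwise the same payload can still reach the admin's page whenever the comment carries any URL. An ed-style diff with no context lines also makes it hard to see which helper the line belongs to; a unified diff (diff -u) would make the review easier.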

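The fix in the shape the advisory describes, written here as an added example and not Mephisto's code: a stand-in helper that returns the author name unescaped, next to the hardened version that wraps every commenter-controlled field in h() in both branches. Comment, url_blank? and the link-rendering branch are assumptions, since the page only shows the blank-URL line.

```ruby
require "erb"

# Constructed stand-in for the comment model; the advisory names only
# these two fields.
Comment = Struct.new(:author, :author_url)

# Stand-in for ActiveSupport's String#blank? used in the original line.
def url_blank?(url)
  url.nil? || url.strip.empty?
end

# Mirrors the Rails view helper h(): HTML-escapes &, <, >, " and '.
def h(text)
  ERB::Util.html_escape(text)
end

# Vulnerable shape: the author name goes into the page verbatim, so a
# name such as "<script>...</script>" executes in the admin's browser.
def author_html_vulnerable(comment)
  return comment.author if url_blank?(comment.author_url)
  %(<a href="#{comment.author_url}">#{comment.author}</a>)
end

# Hardened shape: escape on output in both branches, not only the
# blank-URL early return shown in the patch (assumed link branch).
def author_html_fixed(comment)
  return h(comment.author) if url_blank?(comment.author_url)
  %(<a href="#{h(comment.author_url)}">#{h(comment.author)}</a>)
end

# Constructed payload taken from the advisory.
PAYLOAD = "<script>alert (document.cookie)</script>"

if __FILE__ == $0
  c = Comment.new(PAYLOAD, "")
  puts author_html_vulnerable(c) # script tag survives, would run
  puts author_html_fixed(c)      # rendered as inert text
end
```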

Copyright 2024, cxsecurity.com