Mephisto blog is vulnerable to XSS

2007-03-30 / 2007-03-31
Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Hello everyone! Current bleeding-edge version of Mephisto blog is vulnerable to XSS. Comment's author name accept javascript code. If admin approves/ rejects comments manually, he have to load all unapproved comments, so it's possible to fetch his session id. Example Add new comment with the following author name: <script>alert (document.cookie)</script> Then from admin's overview section check this comment - you'll see message with cookie. If you manually approve your comments, check list of pending comments. How to fix it patch for <approot>/app/helpers/application_helper.rb : 5c5 < return if comment.author_url.blank? --- > return h( if comment.author_url.blank? Best wishes! Sergey Tikhonov

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020,


Back to Top