XINHA Editor Plugin "ExtendedFileManager" backend.php Cross Site Scripting

2010-07-19 / 2010-07-20
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[MajorSecurity SA-077]XINHA Editor Plugin "ExtendedFileManager" - Cross Site Scripting Issue Details ============= Product: XINHA Editor Plugin "ExtendedFileManager" Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.xinha.org/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Original Advisory ============= http://www.majorsecurity.net/xinha-editor-xss.php Affected Products: ============= XINHA Editor 0.96.1 Plugin "ExtendedFileManager" Prior versions may also be vulnerable Description ============= "Xinha (pronounced like Xena, the Warrior Princess) is a powerful WYSIWYG HTML editor component that works in all current browsers." - from xinha.org More Details ============= We at MajorSecurity have discovered some vulnerabilities in one of the Plugins in XINHA WYSIWYG Editor version 0.96.1, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed directly to the "mode" parameter in "backend.php" of the "ExtendedFileManager" Plugin is not properly sanitised before being stored and returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Solution ============= Web applications should never trust on user generated input and therefore sanatize all input. Edit the source code to ensure that input is properly sanitised. MajorSecurity ================ MajorSecurity is a German penetrationtest and sourcecode audit company which focuses on application security. We offer professional source code audit, penetrationstest and pci dss compliance tests. Visit us at http://www.majorsecurity.net/source-code-audit.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top