Kentico CMS 5.5R2.23 Cross Site Scripting

2011.06.02
Credit: Gjoko 'LiquidWorm' Krstic
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Kentico CMS <=5.5R2.23 Cross-Site Scripting POST Injection Vulnerability Vendor: Kentico Software Product web page: http://www.kentico.com Affected version: 5.5R2.23 and bellow Summary: .NET Web Content Management System for ASP.NET Desc: Kentico CMS suffers from a XSS vulnerability when parsing user input to the 'userContextMenu_parameter' parameter via POST method in '/examples/webparts/membership/users-viewer.aspx'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Tested on: Microsoft Windows XP Pro SP3 (EN) Microsoft-IIS/7.5 ASP.NET 2.0.50727 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic liquidworm gmail com Vendor timeline: 12.03.2011 - Vulnerability discovered. 21.05.2011 - Vendor contacted with sent PoC files. 23.05.2011 - Vendor replies. 23.05.2011 - Asked vendor for confirmation. 24.05.2011 - Vendor confirms issue scheduling hotfix 5.5R2.24. 31.05.2011 - Coordinated public security advisory released. Advisory ID: ZSL-2011-5015 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5015.php Vendor Advisory: http://devnet.kentico.com/Bugtracker/Hotfixes.aspx 12.03.2011 --- POST http://localhost/examples/webparts/membership/users-viewer.aspx HTTP/1.1 &userContextMenu_parameter=%22%20onmouseover%3Dalert%281%29%20zsl%3D%22

References:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5015.php


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top