CMS Made Simple 1.10.3 Cross Site Scripting

2012.04.03
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

+---------------------------------------------------------------------------------------------------------------------------------+ # Exploit Title : CMS Made Simple <= 1.10.3 XSS Vulnerability # Date : 02-04-2012 # Author : Ivano Binetti (http://ivanobinetti.com) # Vendor site : http://www.cmsmadesimple.org/ # Software link : http://s3.amazonaws.com/cmsms/downloads/8886/cmsmadesimple-1.10.3-full.tar.gz # Version : 1.10.3 and lower # Tested on : Debian Squeeze (6.0) # Original Advisory : http://www.webapp-security.com/2012/04/cms-made-simple/ # CVE : CVE-2012-1992 +---------------------------------------------------------------------------------------------------------------------------------+ Summary 1)Introduction 2)Description 3)Exploit +---------------------------------------------------------------------------------------------------------------------------------+ 1)Introduction CMS Made Simple is "an open source content management system, allows for faster and easier management of website content. This CMS is scalable for small businesses to large corporations". 2)Description CMS Made Simple 1.10.3 (and lower) is prone to a XSS vulnerability due to an improper input sanitization of "email" parameter, passed to server side script "admin/edituser.php" via http POST method. 3)Exploit Insert the following code in "Email Address" field within "Edit User" template: <script>alert(document.cookie)</script> +---------------------------------------------------------------------------------------------------------------------------------+

References:

http://s3.amazonaws.com/cmsms/downloads/8886/cmsmadesimple-1.10.3-full.tar.gz
http://www.webapp-security.com/2012/04/cms-made-simple/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top