ZeroCMS 1.0 Cross Site Scripting

2014.07.01
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

ZeroCMS v1.0 Cross-Site Scripting Vulnerability

Vendor: Another Awesome Stuff
Product web page: http://www.aas9.in/zerocms
Affected version: 1.0
Severity: Medium
CVE: CVE-2014-4195
Date: 20/06/2014
Discovered by: Filippos Mastrogiannis (@filipposmastro)

ZeroCMS is a very simple Content Management System built using PHP and MySQL.

Description:

ZeroCMS v1.0 is vulnerable to Cross-Site Scripting (XSS).

A cross-site scripting vulnerability was identified in the "article_id" variable of the "zero_view_article.php" file. It allows an attacker to execute arbitrary script code in the browser of an unsuspecting user, in the context of the affected site. This opens several attack opportunities, mostly hijacking the user's current session or changing the look of the page by rewriting the HTML on the fly to steal the user's credentials. This happens because the user input is interpreted as HTML/JavaScript by the browser.

Proof Of Concept:

In order to trigger the vulnerability and to display an alert box with the session cookie, use the following standard payload:

http://localhost/zerocms/zero_view_article.php?article_id=<script>alert(document.cookie);</script>
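One way to handle a parameter like "article_id" so that it is never interpreted as HTML/JavaScript, shown as an added example that is not ZeroCMS source code and not part of the original advisory. It assumes PHP 8 and that the id is meant to be a positive integer; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a page like zero_view_article.php; not ZeroCMS code.

/** Return the article id as a positive int, or null if the input is not one. */
function parse_article_id(mixed $raw): ?int
{
    if (!is_string($raw)) {          // rejects arrays such as ?article_id[]=1
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode untrusted text for an HTML body or quoted-attribute context. */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the response body; the raw parameter is never echoed unencoded. */
function render_article_page(mixed $raw): string
{
    $id = parse_article_id($raw);
    if ($id === null) {
        $shown = is_string($raw) ? $raw : '';
        return '<p>Invalid article id: ' . h($shown) . '</p>';
    }
    // $id is an int here, so it is safe to print and to bind in a prepared statement.
    return '<p>Showing article #' . $id . '</p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, including the payload shape from the proof of concept.
    foreach (['7', '7abc', '<script>alert(document.cookie);</script>', ['1']] as $sample) {
        echo render_article_page($sample), PHP_EOL;
    }
} else {
    // Defence in depth; the cookie settings must be applied before session_start().
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    echo render_article_page($_GET['article_id'] ?? null);
}
```

Run from the command line, the script prints the encoded form of each constructed input; the HttpOnly flag and the Content-Security-Policy header limit the impact of any reflection that is missed elsewhere, but they do not replace the validation and output encoding.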



Copyright 2024, cxsecurity.com

 
