ZeroCMS Persistent Cross-Site Scripting Vulnerability

2014.07.30
Credit: Mayuresh Dani
Risk: Low
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

###################### # Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability # Discovered by: Mayuresh Dani # Vendor Homepage: http://www.aas9.in/zerocms/ # Software Link: https://github.com/pcx1256/zerocms/archive/master.zip # Version: 1.0? # Date: 2014-07-25 # Tested on: Windows 7 / Mozilla Firefox Ubuntu 14.04 / Mozilla Firefox # CVE: CVE-2014-4710 ###################### # Vulnerability Disclosure Timeline: 2014-06-15: Discovered vulnerability 2014-06-23: Vendor Notification (Support e-mail address) 2014-07-25: Public Disclosure # Description ZeroCMS is a very simple Content Management System Built using PHP and MySQL. The application does not validate any input to the "Full Name", "Email Address", "Password" or "Confirm Password" functionality. It saves this unsanitized input in the backend databased and executes it when visiting the subsequent or any logged-in pages. ###################### # Steps to reproduce the vulnerability 1) Visit the "Create Account" page (eg. http://localhost/zerocms/zero_transact_user.php) 2) Enter your favourite XSS payload and click on "Create Account" 3) Enjoy! More information: https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710 ##################### Thanks, Mayuresh.

References:

https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top