CMS e107 1.0.4 Reflecting XSS vulnerability

2015.01.09
Credit: Steffen R
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Advisory: Reflecting XSS vulnerability in CMS e107 v. 1.0.4 Advisory ID: SROEADV-2014-05 Author: Steffen Rsemann Affected Software: CMS e107 v. 1.0.4 Vendor URL: http://e107.org Vendor Status: did not respond to issue CVE-ID: - ========================== Vulnerability Description: ========================== The CMS e107 v. 1.0.4 has a reflecting XSS vulnerability in its administrative backend which can be exploited by bypassing an XSS filter. ================== Technical Details: ================== The filemanager functionality of CMS e107 v. 1.0.4 has a reflecting XSS vulnerability. The filemanager is located here on a normal e107 installation: http://{TARGET}/e107_admin/filemanager.php The e107 files are located in the following folder, which is created when installing the CMS: http://{TARGET}/e107_admin/filemanager.php?e107_files/ By appending specially crafted HTML and/or JavaScript-code, an attacker could exploit this vulnerability. Exploit-Example: http://{TARGET}/e107_admin/filemanager.php?e107_files/%3C%73%63%72%69%70%74%3Ealert(String.fromCharCode(34,88, 83, 83,34))%3C%2F%73%63%72%69%70%74%3E%3C!--%3C%2F%73%63%72%69%70%74%3E%3C!-- ========= Solution: ========= Vendor didn't responded to this issue, as it is announced that issues on e107 v. 1.0.4 are handled on lower priority. ==================== Disclosure Timeline: ==================== 26/27-Dec-2014 – found the vulnerability 27-Dec-2014 - informed the developers 27-Dec-2014 – release date of this security advisory [without technical details] 03-Dec-2014 - opened up an issue on Github as vendor not responded (see https://github.com/e107inc/e107v1/issues/2) 09-Jan-2015 - release date of this security advisory 09-Jan-2015 - send to lists ======== Credits: ======== Vulnerability found and advisory written by Steffen Rsemann. =========== References: =========== [1] http://e107.org [2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html [3] https://github.com/e107inc/e107v1/issues/2 [4] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html

References:

http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top