CMS b2evolution 5.2.0 Cross Site Scripting

2015.01.14
Credit: Steffen
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Advisory: Reflected XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0
Advisory ID: SROEADV-2014-09
Author: Steffen Rösemann
Affected Software: CMS b2evolution v. 5.2.0 (Release-Date: 6th-Dec-2014)
Vendor URL: http://b2evolution.net/
Vendor Status: did not respond to issue
CVE-ID: -

==========================
Vulnerability Description:
==========================

The filemanager of b2evolution v. 5.2.0 is prone to reflected XSS attacks.

==================
Technical Details:
==================

By appending arbitrary HTML and/or JavaScript code to the "fm_filter" parameter of the URL where the filemanager functionality of b2evolution is located, an attacker could trick an authenticated administrative user into executing the code.

Filemanager is located here on a common b2evolution installation:

http://{TARGET}/blogs/admin.php?fm_filter=&actionArray[filter]=Apply&ctrl=files&locale=&blog=1&mode=&ajax_request=0&root=collection_1&path=&fm_mode=&linkctrl=&linkdata=&iframe_name=&fm_hide_dirtree=0&fm_flatmode=&fm_order=&fm_orderasc=

Exploit-Example:

http://{TARGET}/blogs/admin.php?fm_filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&actionArray[filter]=Apply&ctrl=files&locale=&blog=1&mode=&ajax_request=0&root=collection_1&path=&fm_mode=&linkctrl=&linkdata=&iframe_name=&fm_hide_dirtree=0&fm_flatmode=&fm_order=&fm_orderasc=

=========
Solution:
=========

Vendor did not respond and submitted no solution.

====================
Disclosure Timeline:
====================

30-Dec-2014 - found the vulnerability
30-Dec-2014 - informed the developers (incl. announcement to release technical details on 13th Jan 2015 if there is no response)
30-Dec-2014 - release date of this security advisory [without technical details]
13-Jan-2015 - vendor did not respond
13-Jan-2015 - release date of this security advisory
13-Jan-2015 - send to lists

========
Credits:
========

Vulnerability found and advisory written by Steffen Rösemann.

===========
References:
===========

[1] http://b2evolution.net/
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-09.html
[3] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-09.html

References:

http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-09.html
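Because the vendor shipped no fix, a site operator is left with detection. The following is an added example (not part of the advisory or of b2evolution) that scans combined-format web server access logs for requests to the b2evolution file manager (admin.php with ctrl=files) whose fm_filter parameter carries markup; the log lines are constructed sample data and the 203.0.113.x / 198.51.100.x addresses are documentation ranges.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed combined-format access log lines (sample data, not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jan/2015:10:00:01 +0100] "GET /blogs/admin.php?fm_filter=&actionArray[filter]=Apply&ctrl=files&blog=1&root=collection_1 HTTP/1.1" 200 5120
203.0.113.5 - - [13/Jan/2015:10:00:07 +0100] "GET /blogs/admin.php?fm_filter=report%202014&actionArray[filter]=Apply&ctrl=files&blog=1 HTTP/1.1" 200 5130
198.51.100.9 - - [13/Jan/2015:10:02:33 +0100] "GET /blogs/admin.php?fm_filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&actionArray[filter]=Apply&ctrl=files&blog=1 HTTP/1.1" 200 5200
198.51.100.9 - - [13/Jan/2015:10:02:40 +0100] "GET /blogs/index.php?s=%3Cb%3Ehi%3C/b%3E HTTP/1.1" 200 9000
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')
# Markup that has no business in a filename filter: tags, inline event handlers, javascript: URLs.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript:', re.IGNORECASE)


def parse_line(line):
    """Split one access log line into ip, timestamp, path, decoded query params and status."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group('target'))
    params = parse_qs(url.query, keep_blank_values=True)
    return {'ip': m.group('ip'), 'ts': m.group('ts'), 'path': url.path,
            'params': params, 'status': int(m.group('status'))}


def is_fm_filter_xss(rec):
    """True when the request targets the file manager and fm_filter carries markup."""
    if rec is None or not rec['path'].endswith('/admin.php'):
        return False
    if rec['params'].get('ctrl', [''])[0] != 'files':
        return False
    # parse_qs already percent-decoded once; decode again to catch double encoding.
    return any(MARKUP_RE.search(unquote(v)) for v in rec['params'].get('fm_filter', []))


def find_alerts(log_text):
    """Return (client ip, decoded fm_filter value) for every suspicious request."""
    return [(rec['ip'], rec['params']['fm_filter'][0])
            for rec in map(parse_line, log_text.splitlines()) if is_fm_filter_xss(rec)]
```

Only the file-manager request with markup in fm_filter is reported; the harmless filter value and the unrelated front-end search are ignored.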


Copyright 2024, cxsecurity.com