gpEasy CMS 4.4 Cross Site Scripting

2015.05.08
Credit: provensec
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Affected software: gpeasy cms # Type of vulnerability:stored xss # URL:gpeasy.com # Discovered by: provensec # Website: provensec.com #version: gpEasy 4.4 # Proof of concept goto edit layout and fill filed with xss payload "><img src=d onerror=confirm(1);> and save it javascript will execute --20cf303f64d02dcd89051578f782 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div class=3D"gmail_default" style><span style=3D"font-fam= ily:&#39;comic sans ms&#39;,sans-serif"></span><font face=3D"comic sans ms,= sans-serif"># Affected software:=A0gpeasy cms</font></div><div class=3D"gm= ail_default" style><font face=3D"comic sans ms, sans-serif"># Type of vulne= rability:stored xss</font></div><div class=3D"gmail_default" style><font fa= ce=3D"comic sans ms, sans-serif"># URL:<a href=3D"http://gpeasy.com">gpeasy= .com</a></font></div><div class=3D"gmail_default" style><font face=3D"comic= sans ms, sans-serif"># Discovered by: provensec</font></div><div class=3D"= gmail_default" style><font face=3D"comic sans ms, sans-serif"># Website: <a= href=3D"http://provensec.com">provensec.com</a></font></div><div class=3D"= gmail_default" style><font face=3D"comic sans ms, sans-serif"><br></font></= div><div class=3D"gmail_default" style><font face=3D"comic sans ms, sans-se= rif">#version:=A0</font><span style=3D"color:rgb(136,136,136);font-family:s= ans-serif;font-size:11px;line-height:18px;background-color:rgb(34,34,34)">g= pEasy 4.4</span></div><div class=3D"gmail_default" style><font face=3D"comi= c sans ms, sans-serif"># Proof of concept</font><span style=3D"font-family:= &#39;comic sans ms&#39;,sans-serif"></span></div><div class=3D"gmail_defaul= t" style><span style=3D"font-family:&#39;comic sans ms&#39;,sans-serif"><br= ></span></div><div class=3D"gmail_default" style><font face=3D"comic sans m= s, sans-serif">goto=A0</font></div><div class=3D"gmail_default" style><font= face=3D"comic sans ms, sans-serif"><br></font></div><div class=3D"gmail_de= fault" style><font face=3D"comic sans ms, sans-serif">edit layout and fill = filed with xss payload=A0&quot;&gt;&lt;img src=3Dd onerror=3Dconfirm(1);&gt= ; and save it javascript will execute=A0</font><br></div><div class=3D"gmai= l_default" style><font face=3D"comic sans ms, sans-serif"><br></font></div>= <div class=3D"gmail_default" style><font face=3D"comic sans ms, sans-serif"= ><br></font></div></div>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top