Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities

2015.12.14
Credit: Arjun Basnet
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

================================================================ Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities ================================================================ Information ********************** Vulnerability Type : Multiple Persistent Cross Site Scripting Vulnerabilities Vulnerable Version : 2.6.3 Severity: Medium Author – Arjun Basnet CVE-ID: N/A Homepage: *http://www.getsymphony.com/ <http://www.getsymphony.com/> * Description *********************** Bedita is prone to Multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user of the affected site. Proof of Concept URL *************************** [+] http://localhost/symphony/symphony/system/preferences/success/ Affected Area ***************** [+] http://localhost/symphony/symphony/system/preferences/ Payload ======================= "><script>alert(1);</script> Advisory Information: ================================================ Symphony CMS XSS Vulnerability Severity Level: ========================================================= High Description: ========================================================== Vulnerable Product ************************* [+] Symphony 2.6.3 Vulnerable Parameter(s) ****************************** email_sendmail[from_name] email_sendmail[from_address] email_smtp[from_name] email_smtp[from_address] email_smtp[host] email_smtp[port] it_image_manipulation[trusted_external_sites] maintenance_mode[ip_whitelist] Advisory Timeline ************************ 03-Nov-2015- Reported 05-Nov-2015- Vendor Response 10-Dec-2015- Vendor Released Fixed version 12-Dec-2015- Public disclosed Fixed Version: ***************** [+] Symphony 2.6.4 (http://www.getsymphony.com/download/) Reference ***************** [+] https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) Credits & Authors ************************ Arjun Basnet from Cyber Security Works Pvt. Ltd. ( http://cybersecurityworks.com) -- ---------- Cheers !!! Team CSW Research Lab <http://www.cybersecurityworks.com>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top