Mura CMS 7.0.6967 Cross Site Scripting

Published
Credit
Risk
2017.05.04
Zhao Liang
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2017-8302
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

Credits
===============
Zhao Liang, Huawei Weiran Labs


Vendor:
===============
Blue River Interactive Group


Product:
========================
Mura CMS

Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websites.


Vulnerability Type:
================================
XSS


CVE Reference:
==============
CVE-2017-8302


Vulnerability Details:
=====================
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm.


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Best Regards,
Zhao Liang, Huawei Weiran Labs


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com