Mura CMS 7.0.6967 Cross Site Scripting

2017.05.04
Credit: Zhao Liang
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Credits =============== Zhao Liang, Huawei Weiran Labs Vendor: =============== Blue River Interactive Group Product: ======================== Mura CMS Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websites. Vulnerability Type: ================================ XSS CVE Reference: ============== CVE-2017-8302 Vulnerability Details: ===================== Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm. Exploitation Technique: ======================= Remote Severity Level: =============== High Best Regards, Zhao Liang, Huawei Weiran Labs


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top