Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ClipperCMS 1.3.3 - Cross-Site Scripting

🗓️ 27 May 2018 00:00:00Reported by Nathu NandwaniType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 61 Views

ClipperCMS 1.3.3 Persistent XSS Vulnerability in "Site Name" Field allows Remote Attackers to Execute Arbitrary Scrip

Related
Code
ReporterTitlePublishedViews
Family
0day.today		ClipperCMS 1.3.3 - Cross-Site Scripting Vulnerability
29 May 201800:00
zdt
CNVD		ClipperCMS Cross-Site Scripting Vulnerability
25 May 201800:00
cnvd
CVE		CVE-2018-11332
24 May 201816:00
cve
Cvelist		CVE-2018-11332
24 May 201816:00
cvelist
EUVD		EUVD-2018-3369
7 Oct 202500:30
euvd
exploitpack		ClipperCMS 1.3.3 - Cross-Site Scripting
27 May 201800:00
exploitpack
NVD		CVE-2018-11332
24 May 201816:29
nvd
Packet Storm		Clipper CMS 1.3.3 Cross Site Scripting
27 May 201800:00
packetstorm
Prion		Cross site scripting
24 May 201816:29
prion
# Exploit Title: ClipperCMS 1.3.3 Persistent XSS on 'Site name' field
# Date: 05/27/2018
# Exploit Author: Nathu Nandwani
# Website: http://nandtech.co/
# Vendor Homepage: http://www.clippercms.com/
# Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper_1.3.3
# Version: 1.3.3
# Tested on: Windows 10 x64 (XAMPP, Chrome)
# CVE: CVE-2018-11332

*Description

A persistent/stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 has been discovered because it didn't sanitize user input. It allows authenticated remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

*Proof of Concept

1. Attacker logs in as an administrator of the site.
2. Attacker visits the tools->configurations tab and enters the script below in the "Site name" field:
<script>alert('XSS')</script>
3. Once the "Save" button is clicked, the payload will execute.
4. When an unauthenticated user visits the login page "ClipperCMS/manager/", the payload will also execute.
 
*Mitigation

See https://github.com/nathunandwani/ClipperCMS/commit/f286fbfa81dc3728dbbf6d9d817c8848edcad0b2

Timeline

2018-05-21-Vulnerability reported to ClipperCMS development team
2018-05-21-CVE requested from mitre.org
2018-05-22-ClipperCMS development team acknowledges but according to them, bug is more on a trust issue rather than coding
2018-05-22-Added a potential fix in GitHub
2015-05-24-CVE published by mitre: https://twitter.com/CVEnew/status/999689171227865093

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 May 2018 00:00Current
5.2Medium risk
Vulners AI Score5.2
CVSS 23.5
CVSS 34.8
EPSS0.00228
cross-site scriptingclippercmsvulnerabilityremote attackersweb scripthtmlmitigationcve-2018-11332
61