Multiple XSS in Fork CMS

2012-02-1500:00:00

High-Tech Bridge

www.htbridge.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.025 Low

EPSS

Percentile

88.9%

JSON

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Fork CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks.

Cross-Site Scripting (XSS) in Fork CMS: CVE-2012-1188
1.1 Input passed via the “type” and “querystring” GET parameters to /private/en/error is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of affected website.
The following PoC (Proof of Concept) demostrate the vulnerability:
http://[host]/private/en/error?type=%3Cscript%3Ealert%28document.cookie%29;% 3C/script%3E
http://[host]/private/en/error?type=action-not-allowed&querystring=%3Cscript %3Ealert%28document.cookie%29;%3C/script%3E.1
1.2 Input passed via the “name” GET parameter to /private/en/locale/index is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of affected website.
The following PoC (Proof of Concept) demostrates the vulnerability:
http://[host]/private/en/locale/index?name=%22%3E%3Cscript%3Ealert%28documen t.cookie%29;%3C/script%3E