Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2003-2021 k-otik.comEZPUBLISH_XSS.NASL
HistoryMar 23, 2003 - 12:00 a.m.

ez Publish Multiple XSS

2003-03-2300:00:00
This script is Copyright (C) 2003-2021 k-otik.com
www.tenable.com
25

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON

ezPublish 2.2.7 has a cross-site scripting bug. An attacker may use it to perform a cross-site scripting attack on this host.

In addition to this, another flaw may allow an attacker store hostile HTML code on the server side, which will be executed by the browser of the administrative user when he looks at the server logs.

#%NASL_MIN_LEVEL 70300
#
# written by K-Otik.com <[email protected]>
#

# ezPublish Cross Site Scripting Bugs
#
#  Message-ID: <[email protected]>
#  From: Ertan Kurt <mailto:[email protected]>
#  To: <[email protected]>
#  Subject: Some XSS vulns
#

# Changes by Tenable:
# - Revised plugin title (5/05/09)

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 script_id(11449);
 script_version("1.38");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

 script_cve_id("CVE-2003-0310");
 script_bugtraq_id(7137, 7138);

 script_name(english:"ez Publish Multiple XSS");
 script_summary(english:"Determine if ezPublish is vulnerable to xss attack");

 script_set_attribute(attribute:"synopsis", value:
"The remote web application is vulnerable to cross-site scripting
attacks.");
 script_set_attribute(attribute:"description", value:
"ezPublish 2.2.7 has a cross-site scripting bug. An attacker may use it
to perform a cross-site scripting attack on this host.

In addition to this, another flaw may allow an attacker store hostile
HTML code on the server side, which will be executed by the browser of
the administrative user when he looks at the server logs.");
 script_set_attribute(attribute:"solution", value:"Upgrade to a newer version.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/16");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/23");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"CGI abuses : XSS");
 script_copyright(english:"This script is Copyright (C) 2003-2021 k-otik.com");

 script_dependencie("http_version.nasl", "no404.nasl", "cross_site_scripting.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www", 80);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80, embedded:TRUE);

if(!get_port_state(port))exit(0);
if(get_kb_item(string("www/", port, "/generic_xss"))) exit(0);


foreach d (cgi_dirs())
{
 url = string(d, "/search/?SectionIDOverride=1&SearchText=<script>window.alert(document.cookie);</script>");
 req = http_get(item:url, port:port);
 buf = http_keepalive_send_recv(port:port, data:req, bodyonly:1);
 if( buf == NULL ) exit(0);

 if("Search results for: '<script>window.alert(document.cookie);</script>" >< buf)
 {
   security_warning(port:port);
   set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
   exit(0);
 }
}

Related

nvd 1
cve 1
nessus 1
cvelist 1
openvas 1
nvd
nvd
CVE-2003-0310
2003-06-16 04:00:00
cve
cve
CVE-2003-0310
2003-06-16 04:00:00
nessus
nessus
eZ Publish articleview.php XSS
2003-05-21 00:00:00
cvelist
cvelist
CVE-2003-0310
2003-05-17 04:00:00
openvas
openvas
eZ Publish Cross Site Scripting Bugs
2005-11-03 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON
Related for EZPUBLISH_XSS.NASL
nvd1cve1nessus1cvelist1openvas1