Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAndrew AntonioPACKETSTORM:127404
HistoryJul 09, 2014 - 12:00 a.m.

OctavoCMS Cross Site Scripting

2014-07-0900:00:00
Andrew Antonio
packetstormsecurity.com
15

0.003 Low

EPSS

Percentile

65.5%

JSON
`This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter.  
  
Current release on their demo site is vulnerable, same as other few sites I could find.  
  
PoC: http://demo.octavocms.com/admin/viewer.php?src=%22%3E%3C/img%3E%3Ch2%3EThis%20is%20a%20test%3C/h2%3E%3Cscript%3Ealert(123)%3C/script%3E%3C!--%22  
  
On the 9th of June I contacted the guys of OctavoCMS and eMB Group but they have not replied yet. At the moment of this writing the on-line demo still vulnerable.  
`

Related

openvas 1
cve 1
prion 1
cvelist 1
securityvulns 1
openvas
openvas
OctavoCMS 'src' Parameter Cross-Site Scripting Vulnerability
2014-07-30 00:00:00
cve
cve
CVE-2014-4331
2014-07-19 20:55:00
prion
prion
Cross site scripting
2014-07-19 20:55:00
cvelist
cvelist
CVE-2014-4331
2014-07-19 20:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-10-17 00:00:00

0.003 Low

EPSS

Percentile

65.5%

JSON
Related for PACKETSTORM:127404
openvas1cve1prion1cvelist1securityvulns1