
CMS e107 1.0.4 Cross Site Scripting

🗓️ 09 Jan 2015 00:00:00 | Reported by Steffen Roesemann | Type: packetstorm | 🔗 packetstormsecurity.com

CMS e107 1.0.4 Reflecting XSS vulnerability

Code
`Advisory: Reflecting XSS vulnerability in CMS e107 v. 1.0.4  
Advisory ID: SROEADV-2014-05  
Author: Steffen Rösemann  
Affected Software: CMS e107 v. 1.0.4  
Vendor URL: http://e107.org  
Vendor Status: did not respond to issue  
CVE-ID: -  
  
==========================  
Vulnerability Description:  
==========================  
  
The CMS e107 v. 1.0.4 has a reflecting XSS vulnerability in its  
administrative backend which can be exploited by bypassing an XSS filter.  
  
==================  
Technical Details:  
==================  
  
The filemanager functionality of CMS e107 v. 1.0.4 has a reflecting XSS  
vulnerability. The filemanager is located here on a normal e107  
installation:  
  
http://{TARGET}/e107_admin/filemanager.php  
  
The e107 files are located in the following folder, which is created when  
installing the CMS:  
  
http://{TARGET}/e107_admin/filemanager.php?e107_files/  
  
By appending specially crafted HTML and/or JavaScript-code, an attacker  
could exploit this vulnerability.  
  
Exploit-Example:  
  
http://{TARGET}/e107_admin/filemanager.php?e107_files/%3C%73%63%72%69%70%74%3Ealert(String.fromCharCode(34,  
88, 83, 83,  
34))%3C%2F%73%63%72%69%70%74%3E%3C!--%3C%2F%73%63%72%69%70%74%3E%3C!--  
  
=========  
Solution:  
=========  
  
The vendor did not respond to this issue, as it has announced that issues in  
e107 v. 1.0.4 are handled at lower priority.  
  
  
====================  
Disclosure Timeline:  
====================  
26/27-Dec-2014 – found the vulnerability  
27-Dec-2014 - informed the developers  
27-Dec-2014 – release date of this security advisory [without technical  
details]  
03-Dec-2014 - opened up an issue on GitHub as the vendor had not responded (see  
https://github.com/e107inc/e107v1/issues/2)  
09-Jan-2015 - release date of this security advisory  
09-Jan-2015 - sent to lists  
  
  
  
========  
Credits:  
========  
  
Vulnerability found and advisory written by Steffen Rösemann.  
  
===========  
References:  
===========  
  
[1] http://e107.org  
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html  
[3] https://github.com/e107inc/e107v1/issues/2  
[4] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html  
  
  
`
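
A log check for the request pattern in the advisory, added here as an example and not part of the advisory or of e107's code: it percent-decodes the query string of `filemanager.php` requests before looking for markup, because the encoded tag name in the exploit example defeats a raw-string match on `script`. The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path from the advisory; the query string carries the directory to browse.
FILEMANAGER = "/e107_admin/filemanager.php"
# Markup characters that have no place in a directory path.
MARKUP = re.compile(r"[<>\"']")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_filemanager_requests(log_lines):
    """Return (line_number, decoded_query) for filemanager requests whose
    decoded query string contains HTML markup characters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        if not path.endswith(FILEMANAGER):
            continue
        decoded = fully_decode(query)
        if MARKUP.search(decoded):
            hits.append((number, decoded))
    return hits


# Constructed sample log lines (not from the advisory); clients use TEST-NET addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2015:10:00:01 +0000] "GET /e107_admin/filemanager.php?e107_files/ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/Jan/2015:10:02:17 +0000] "GET /e107_admin/filemanager.php?e107_files/%3C%73%63%72%69%70%74%3Ealert(1)%3C%2F%73%63%72%69%70%74%3E HTTP/1.1" 200 5344',
    '192.0.2.44 - - [09/Jan/2015:10:02:40 +0000] "GET /e107_admin/filemanager.php?e107_files/%253Cb%253E HTTP/1.1" 200 5201',
    '192.0.2.10 - - [09/Jan/2015:10:03:05 +0000] "GET /news.php?%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, decoded in suspicious_filemanager_requests(SAMPLE_LOG):
        print(f"line {number}: {decoded}")
```

Since the vendor did not respond, a check like this can also back a web server or WAF rule that rejects `filemanager.php` requests whose decoded query string contains markup characters.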
