`Advisory: Reflecting XSS vulnerability in CMS e107 v. 1.0.4
Advisory ID: SROEADV-2014-05
Author: Steffen Rösemann
Affected Software: CMS e107 v. 1.0.4
Vendor URL: http://e107.org
Vendor Status: did not respond to issue
CVE-ID: -
==========================
Vulnerability Description:
==========================
The CMS e107 v. 1.0.4 has a reflecting XSS vulnerability in its
administrative backend which can be exploited by bypassing an XSS filter.
==================
Technical Details:
==================
The filemanager functionality of CMS e107 v. 1.0.4 has a reflecting XSS
vulnerability. The filemanager is located here on a normal e107
installation:
http://{TARGET}/e107_admin/filemanager.php
The e107 files are located in the following folder, which is created when
installing the CMS:
http://{TARGET}/e107_admin/filemanager.php?e107_files/
By appending specially crafted HTML and/or JavaScript-code, an attacker
could exploit this vulnerability.
Exploit-Example:
http://{TARGET}/e107_admin/filemanager.php?e107_files/%3C%73%63%72%69%70%74%3Ealert(String.fromCharCode(34,
88, 83, 83,
34))%3C%2F%73%63%72%69%70%74%3E%3C!--%3C%2F%73%63%72%69%70%74%3E%3C!--
=========
Solution:
=========
Vendor didn't responded to this issue, as it is announced that issues on
e107 v. 1.0.4 are handled on lower priority.
====================
Disclosure Timeline:
====================
26/27-Dec-2014 – found the vulnerability
27-Dec-2014 - informed the developers
27-Dec-2014 – release date of this security advisory [without technical
details]
03-Dec-2014 - opened up an issue on Github as vendor not responded (see
https://github.com/e107inc/e107v1/issues/2)
09-Jan-2015 - release date of this security advisory
09-Jan-2015 - send to lists
========
Credits:
========
Vulnerability found and advisory written by Steffen Rösemann.
===========
References:
===========
[1] http://e107.org
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html
[3] https://github.com/e107inc/e107v1/issues/2
[4]
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation