Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJing WangPACKETSTORM:130076
HistoryJan 23, 2015 - 12:00 a.m.

SmartCMS 2 Cross Site Scripting

2015-01-2300:00:00
Jing Wang
packetstormsecurity.com
36

EPSS

0.001

Percentile

25.2%

JSON
`*CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security  
Vulnerabilities*  
  
Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security  
Vulnerabilities  
Product: SmartCMS v.2  
Vendor: Smartwebsites  
Vulnerable Versions: v.2  
Tested Version: v.2  
Advisory Publication: Jan 22, 2015  
Latest Update: Jan 22, 2015  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: CVE-2014-9557  
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]  
  
  
  
  
  
*Advisory Details:*  
  
  
*(1) Vendor & Product Description*  
  
*Vendor: *Smartwebsites  
  
*Product & Version:* SmartCMS v.2  
  
*Vendor URL & Download:*  
http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en  
  
*Product Description: *  
“SmartCMS is one of the most user friendly and smart content management  
systems there is in the Cyprus market. It makes the content management of a  
webpage very easy and simple, regardless of the user’s technical skills.”  
  
  
  
*(2) Vulnerability Details:*  
  
SmartCMS v.2 has a security problem. It can be exploited by XSS attacks.  
  
*(2.1) *The first vulnerability occurs at “index.php?” page with “pageid”  
“lang” multiple parameters.  
  
*(2.2)* The second vulnerability occurs at “sitemap.php?” page with  
“pageid” “lang” multiple parameters.  
  
  
  
  
  
  
  
*References:*  
http://www.tetraph.com/security/cves/cve-2014-9557-smartcms-multiple-xss-cross-site-scripting-security-vulnerability/  
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9557  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9557  
https://security-tracker.debian.org/tracker/CVE-2014-9557  
http://www.cvedetails.com/cve/CVE-2014-9557/  
http://www.security-database.com/detail.php?alert=CVE-2014-9557  
http://packetstormsecurity.com/files/cve/CVE-2014-9557  
http://www.pentest.it/cve-2014-9557.html  
http://www.naked-security.com/cve/CVE-2014-9557/  
http://007software.net/cve-2014-9557/  
  
  
  
  
  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
  
  
`

Related

nvd 1
prion 1
cve 1
cvelist 1
nvd
nvd
CVE-2014-9557
2017-08-28 15:29:00
prion
prion
Cross site scripting
2017-08-28 15:29:00
cve
cve
CVE-2014-9557
2017-08-28 15:29:00
cvelist
cvelist
CVE-2014-9557
2017-08-28 15:00:00

EPSS

0.001

Percentile

25.2%

JSON
Related for PACKETSTORM:130076
nvd1prion1cve1cvelist1