SuperWebMailer 5.50.0.01160 Cross Site Scripting

11 Mar 2015 | Reported by Jing Wang | Type: packetstorm | Source: packetstormsecurity.com

SuperWebMailer 5.50.0.01160 Cross-Site Scripting Vulnerability in "defaultnewsletter.php"

Code
`*SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Security Vulnerabilities*  
  
  
Exploit Title: SuperWebMailer "/defaultnewsletter.php" HTMLForm Parameter  
XSS Security Vulnerabilities  
Product: SuperWebMailer  
Vendor: SuperWebMailer  
Vulnerable Versions: 5.*.0.* 4.*.0.*  
Tested Version: 5.*.0.* 4.*.0.*  
Advisory Publication: March 10, 2015  
Latest Update: March 10, 2015  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Impact Subscore: 2.9  
Exploitability Subscore: 8.6  
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),  
Singapore]  
  
*Advisory Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
SuperWebMailer  
  
  
  
*Product & Vulnerable Versions:*  
SuperWebMailer  
5.60.0.01190  
5.50.0.01160  
5.40.0.01145  
5.30.0.01123  
5.20.0.01113  
5.10.0.00982  
5.05.0.00970  
5.02.0.00965  
5.00.0.00962  
4.50.0.00930  
4.40.0.00917  
4.31.0.00914  
4.30.0.00907  
4.20.0.00892  
4.10.0.00875  
  
  
*Vendor URL & Download:*  
SuperWebMailer can be obtained here:  
http://www.superwebmailer.de/  
  
  
  
*Product Introduction:*  
"Super webmail is a web-based PHP newsletter software. The web-based PHP  
newsletter software Super webmail is the optimal solution for the  
implementation of successful e-mail marketing."  
  
"To use the online PHP newsletter script, your own website / server with  
PHP 4 or newer, MySQL 3.23 or later and the ability to execute cron jobs is  
required. Once installed, the online newsletter software Super webmail can  
be operated directly in the browser. The PHP newsletter tool Super webmail  
can therefore be used platform-independently on all operating systems such  
as Windows, Linux and Apple Macintosh, with Internet access worldwide. The  
PHP newsletter script allows you to manage your newsletter recipients,  
including registration and deregistration from the newsletter mailing list  
by double opt-in, double opt-out and automatic bounce management. Send your  
personalized newsletters / e-mails in HTML and text format with embedded  
images and attachments immediately from the browser, or by cron job script  
in the background, immediately or at a later time. With the integrated  
tracking function you can monitor the success of the newsletter mailing: the  
openings of the newsletter and the clicks on links in the newsletter are  
evaluated and presented graphically. Use the integrated autoresponder to send  
absence messages automatically or to confirm the receipt of e-mails."  
  
"CKEditor 4.4.7 is now included. An upgrade to the latest version is  
recommended, as a vulnerability was found in CKEditor 4.4.5. Super webmail  
now contains a new chart component for the statistics that does not need  
Flash and is therefore also displayed on Apple devices. For the newsletter  
tracking statistics an easy print version of the charts is now available,  
which can be printed or saved to a PDF file with an installed PDF printer  
driver. When viewing the e-mails in the mailing lists, the sender of the  
e-mail that was sent to the mailing list is displayed in a column. For form  
creation for the newsletter subscription / cancellation are now available  
variant"  
  
  
  
  
  
*(2) Vulnerability Details:*  
The SuperWebMailer web application contains a cross-site scripting (XSS)  
vulnerability. A remote attacker can create a specially crafted request  
that, when opened by a user, executes arbitrary script code in that user's  
browser session within the trust relationship between the browser and the  
server. Other researchers have previously reported XSS vulnerabilities in  
SuperWebMailer, which the vendor has patched.  
  
  
*(2.1)* The flaw occurs in the "defaultnewsletter.php" page, in the  
"HTMLForm" parameter.  
  
  
*References:*  
http://tetraph.com/security/xss-vulnerability/superwebmailer-5-50-0-01160-xss-cross-site-scripting-security-vulnerabilities/  
http://securityrelated.blogspot.com/2015/03/superwebmailer-550001160-xss-cross-site.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/superwebmailer-5-50-0-01160-xss-cross-site-scripting-security-vulnerabilities/  
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/superwebmailer-5-50-0-01160-xss-cross-site-scripting-security-vulnerabilities/  
https://webtechwire.wordpress.com/2015/03/10/superwebmailer-5-50-0-01160-xss-cross-site-scripting-security-vulnerabilities/  
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551542201539&w=2  
https://cxsecurity.com/issue/WLB-2015030043  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://twitter.com/tetraphibious  
  
  
`
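Detection logic for the flaw described in section (2.1), as an added example that is not part of the advisory or of SuperWebMailer itself: it scans constructed Apache-style access-log lines for requests to defaultnewsletter.php whose HTMLForm parameter carries markup after URL decoding, including double-encoded values. The log lines, IP addresses and the markup pattern are assumptions, and the pattern is a heuristic rather than a complete XSS detector.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed Apache-style access-log lines (sample data, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2015:12:00:01 +0000] "GET /defaultnewsletter.php?HTMLForm=1 HTTP/1.1" 200 512
203.0.113.6 - - [10/Mar/2015:12:00:02 +0000] "GET /defaultnewsletter.php?HTMLForm=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 734
203.0.113.7 - - [10/Mar/2015:12:00:03 +0000] "GET /defaultnewsletter.php?HTMLForm=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 740
203.0.113.8 - - [10/Mar/2015:12:00:04 +0000] "GET /index.php?HTMLForm=%3Cb%3E HTTP/1.1" 200 300
"""

# Pull client IP, timestamp and request target out of a combined-format line.
REQ_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) ')
# Heuristic (assumed pattern): tag openers, inline event handlers, javascript: URLs.
# A legitimate HTMLForm value never contains these; a regex cannot catch every payload.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|on[a-z]+\s*=|javascript:', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded values are not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_request(target):
    """True if the target is defaultnewsletter.php and an HTMLForm value carries markup."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/defaultnewsletter.php"):
        return False
    # parse_qs already decodes one layer; fully_decode peels any remaining layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("HTMLForm", []):
        if MARKUP_RE.search(fully_decode(raw)):
            return True
    return False

def scan_log(text):
    """Return (ip, timestamp, target) for every suspicious request in the log text."""
    hits = []
    for line in text.splitlines():
        m = REQ_RE.match(line)
        if m and is_suspicious_request(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"), m.group("target")))
    return hits

if __name__ == "__main__":
    for ip, ts, target in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {target}")
```

The same check applied to a reverse proxy or WAF log flags the second and third sample lines and ignores the plain form id and the request to a different page.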
