Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Comsenz SupeSite CMS 7.0 Cross Site Scripting

🗓️ 16 Apr 2015 00:00:00Reported by Jing WangType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 1492 Views

Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities, impacting versions 6.0.1UC and 7.0, allow remote attackers to execute arbitrary script code via specially crafted requests, leading to a HIGH severity impact

Code
`*Comsenz SupeSite CMS 7.0 Stored XSS (Cross-site Scripting) Security  
Vulnerabilities*  
  
  
Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities  
Product: Supesite CMS (Content Management System)  
Vendor: ComSenz  
Vulnerable Versions: 6.0.1UC 7.0  
Tested Version: 7.0  
Advisory Publication: April 15, 2015  
Latest Update: April 15, 2015  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)  
Impact Subscore: 6.4  
Exploitability Subscore: 10.0  
Discover and Reporter: Wang Jing [Mathematics, Nanyang Technological  
University (NTU), Singapore]  
  
  
  
  
*Proposition Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
Comsenz  
  
  
*Product & Vulnerable Versions:*  
SupeSite 6.0.1UC  
SupeSite 7.0  
  
  
*Vendor URL & Download:*  
SupeSite can be brought from here,  
http://www.comsenz.com/products/other/supesite  
http://www.comsenz.com/downloads/install/supesite#down_open  
  
  
*Source code:*  
http://www.8tiny.com/source/supesite/nav.html?index.html  
  
  
*Product Introduction Overview:*  
"SupeSite is an independent content management (CMS) function, and  
integrates Web2.0 community personal portal system X-Space, has a strong  
aggregation of community portal systems. SupeSite station can be achieved  
within the forum (Discuz!), personal space (X-Space) information content  
aggregation. Any webmaster , are available through SupeSite, easy to build  
a community portal for Web2.0."  
  
"Through grade audit operations, audit managers can publish information on  
the station to rank classification, shield, remove the handle, which can  
display information on the effective control of the site's pages. When the  
audit information, the audit level is set to shield information, the  
information will no longer appear on the page aggregation site, but the  
user's own personal space is still displayed above. If you want to  
completely shield the information, use the delete function. Audit  
information is divided into five levels, you can page polymerization  
conditions, freedom of information conducted classification. The default  
user information released pending state audit level. Administrators can set  
up the site, set whether to allow the pending status of the information  
displayed on the site aggregation page."  
  
  
  
  
*(2) Vulnerability Details:*  
SupeSite web application has a security bug problem. It can be exploited by  
stored XSS attacks. This may allow a remote attacker to create a specially  
crafted request that would execute arbitrary script code in a user's  
browser session within the trust relationship between their browser and the  
server.  
  
Several other SupeSite products 0-day vulnerabilities have been found by  
some other bug hunter researchers before. SupeSite has patched some of  
them. Exploit Archive provides sources for the latest info-sec news, tools,  
and advisories. It has published suggestions, advisories, solutions details  
related to XSS vulnerabilities.  
  
  
*(2.1)* The vulnerability occurs at article's title field. Supesite filter  
script code such as JavaScript. However, it doesn't filter VBScript. So a  
normal user can insert VBScript in an article he/she published. Everyone  
who visits this article will be affected by the XSS attack.  
  
  
  
  
  
*References:*  
http://www.tetraph.com/security/xss-vulnerability/comsenz-supesite-cms-stored-xss/  
http://securityrelated.blogspot.com/2015/04/comsenz-supesite-cms-stored-xss-cross.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/comsenz-supesite-cms-stored-xss/  
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/comsenz-supesite-cms-stored-xss/  
https://computerpitch.wordpress.com/2015/04/15/comsenz-supesite-cms-stored-xss/  
http://www.irist.ir/exploits-2836.html  
http://exploitarchive.com/webshop-hun-1-062s-cross-site-scripting/  
http://lists.openwall.net/full-disclosure/2015/03/02/3  
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1727  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://twitter.com/justqdjing  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Apr 2015 00:00Current
7.4High risk
Vulners AI Score7.4
cross-site scripting vulnerabilitiescomsenz supesite cmsstored xssremote attackersecurity advisory
1492