Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormHyp3rlinxPACKETSTORM:132223
HistoryJun 08, 2015 - 12:00 a.m.

SilverStripe CMS 3.1.13 XSS / Open Redirect

2015-06-0800:00:00
hyp3rlinx
packetstormsecurity.com
23

0.004 Low

EPSS

Percentile

73.0%

JSON
`[+] Credits: John Page (hyp3rlinx)  
  
[+] Domains: hyp3rlinx.altervista.org  
  
[+] Source:  
http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt  
  
  
  
Vendor:  
================================  
http://www.silverstripe.org/software/download  
  
  
Product:  
================================  
SilverStripe CMS & Framework v3.1.13  
  
  
Advisory Information:  
================================================  
Unvalidated Redirect & XSS vulnerabilities  
  
  
Vulnerability Details:  
=====================  
Unvalidated redirect:  
  
The 'returnURL' parameter for following URL:  
http://localhost/SilverStripe-cms-v3.1.13/dev/build  
is open to abuse by supplying an malicious a location or file.  
  
  
  
XSS (reflected):  
install.php is XSS vulnerable using POST method for the following input  
fields.  
  
admin_username  
admin_password  
  
  
Exploit code(s):  
===============  
  
Unvalidated redirect POC:  
http://localhost/SilverStripe-cms-v3.1.13/dev/build?returnURL=[EVIL REMOTE  
FILE LOCATION]  
  
  
XSS POC:  
http://localhost/SilverStripe-cms-v3.1.13/install.php  
admin_username  
admin_password  
"><script>alert(666)</script>  
  
  
  
Disclosure Timeline:  
=========================================================  
Vendor Notification: June 7, 2015  
June 8, 2015 : Public Disclosure  
  
  
  
Severity Level:  
=========================================================  
Med  
  
  
  
Description:  
==========================================================  
  
Request Method(s): [+] GET & POST  
  
  
Vulnerable Product: [+] SilverStripe CMS & Framework v3.1.13  
  
  
Vulnerable Parameter(s): [+] returnURL, admin_username & admin_password  
  
  
Affected Area(s): [+] install & dev  
  
===============================================================  
  
[+] Disclaimer  
Permission is hereby granted for the redistribution of this advisory,  
provided that it is not altered except by reformatting it, and that due  
credit is given. Permission is explicitly given for insertion in  
vulnerability databases and similar, provided that due credit is given to  
the author. The author is not responsible for any misuse of the information  
contained herein and prohibits any malicious use of all security related  
information or exploits by the author or elsewhere.  
  
  
(hyp3rlinx)  
`

Related

openvas 1
cve 2
github 1
veracode 2
nvd 2
cvelist 2
prion 2
osv 1
openvas
openvas
SilverStripe CMS < 3.1.14 Multiple Vulnerabilities - Active Check
2015-06-22 00:00:00
cve
cve
CVE-2015-5062
2015-06-24 14:59:04
CVE-2015-5063
2015-06-24 14:59:05
github
github
Silverstripe CMS Open Redirect
2022-05-14 02:48:26
veracode
veracode
Cross-site Scripting (XSS)
2017-07-27 00:20:54
Open Redirect
2017-07-28 07:11:22
nvd
nvd
CVE-2015-5063
2015-06-24 14:59:05
CVE-2015-5062
2015-06-24 14:59:04
cvelist
cvelist
CVE-2015-5062
2015-06-24 14:00:00
CVE-2015-5063
2015-06-24 14:00:00
prion
prion
Cross site scripting
2015-06-24 14:59:00
Open redirect
2015-06-24 14:59:00
osv
osv
Silverstripe CMS Open Redirect
2022-05-14 02:48:26

0.004 Low

EPSS

Percentile

73.0%

JSON
Related for PACKETSTORM:132223
openvas1cve2github1veracode2nvd2cvelist2prion2osv1