EasyDNNnews Cross Site Scripting

2016-01-13T00:00:00
ID PACKETSTORM:135234
Type packetstorm
Reporter Peter Lapp
Modified 2016-01-13T00:00:00

Description

                                        
                                            `Details  
=======  
  
Product: EasyDNNnews  
Vulnerability: Reflected XSS  
Author: Peter Lapp, lappsec () gmail com  
CVE: None  
Vulnerable Versions: <7.5  
Fixed Version: 7.5  
  
  
Summary  
=======  
  
>From the vendor's website: "EasyDNNnews is a very powerful DotNetNuke  
module that enables non-technical users to publish and manage articles,  
news, press releases, stories and editorials."  
  
During an engagement it was discovered that reflected XSS could be achieved  
in two locations by appending a bogus GET parameter that contained  
JavaScript in the parameter name. After alerting EasyDNNsolutions of the  
vulnerability, they informed me that one of the vulnerabilities had already  
been fixed and the other would be fixed in an upcoming release.  
  
  
Example  
=================  
  
http://targetsite.com/Blog/Details/blog-post?%3C/script%3E%3Cscript%3Ealert%280%29%3C/script%3E=1  
  
  
Solution  
========  
  
Upgrade to 7.5  
  
  
Timeline  
========  
08/31/15 - Contacted EasyDNNnews about the vulnerability.  
09/01/15 - Vendor responds and says the first vulnerability has been fixed  
and the other will be in the next release, which was 7.5.  
  
  
`