Sitecore Experience Platform 8.1 Update-3 Cross Site Scripting

Type packetstorm
Reporter Pralhad Chaskar
Modified 2017-03-15T00:00:00


                                            `# Exploit Title: Stored Cross Site Scripting (XSS) in Sitecore Experience Platform 8.1 Update-3  
# Date: March 15, 2017  
# Exploit Author: Pralhad Chaskar  
# Vendor Homepage:  
# Version: 8.1 rev. 160519  
# Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519  
# CVE : CVE-2016-8855  
Vendor Description  
Sitecore CMS makes it effortless to create content and experience rich websites that help you achieve your business goals such as increasing sales and search engine visibility, while being straight-forward to integrate and administer. Sitecore lets you deliver sites that are highly scalable, robust and secure. Whether you're focused on marketing, development and design, or providing site content, Sitecore delivers for you.  
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.  
Vulnerability Class  
Cross-site Scripting (XSS) -  
Proof of Concept  
Name and Description input fields aren't properly escaped. This could lead to an XSS attack that could possibly affect administrators,users,editor.  
1. Login to application and navigate to " Manager/Taskpages/Contact list"  
2. Create new Contact List, add the XSS vector in Name and Description parameter using proxy (Burp) and Save the Contact List  
3. Navigate Dashboard of List Manager on " Manager/Dashboard" leading to execution of XSS payload.  
Vendor Contact Timeline  
Discovered: October 16, 2016  
Vendor Notification: October 18, 2016  
Advisory Publication: Mar 15, 2017  
Public Disclosure: Mar 15, 2017  
Affected Targets  
Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519  
Upgrade to Sitecore Experience Platform 8.2 Update-2 to fix this issue.  
Pralhad Chaskar  
Information Security Analyst  
Help AG Middle East  
[1] Help AG Middle East  
[2] Sitecore Experience Platform