Mura CMS 7.0.6967 Cross Site Scripting

🗓️ 03 May 2017 00:00:00Reported by Zhao LiangType

packetstorm🔗 packetstormsecurity.com👁 41 Views

Mura CMS 7.0.6967 XSS Vulnerability CVE-2017-830

Reporter	Title	Published	Views	Family All 7
CNVD	Mura CMS Cross-Site Scripting Vulnerability	5 May 201700:00	–	cnvd
CVE	CVE-2017-8302	27 Apr 201719:00	–	cve
Cvelist	CVE-2017-8302	27 Apr 201719:00	–	cvelist
EUVD	EUVD-2017-17263	7 Oct 202500:30	–	euvd
NVD	CVE-2017-8302	27 Apr 201719:59	–	nvd
Prion	Cross site scripting	27 Apr 201719:59	–	prion
RedhatCVE	CVE-2017-8302	22 May 202502:49	–	redhatcve

`Credits  
===============  
Zhao Liang, Huawei Weiran Labs  
  
  
Vendor:  
===============  
Blue River Interactive Group  
  
  
Product:  
========================  
Mura CMS  
  
Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websites.   
  
  
Vulnerability Type:  
================================  
XSS  
  
  
CVE Reference:  
==============  
CVE-2017-8302  
  
  
Vulnerability Details:  
=====================  
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm.  
  
  
Exploitation Technique:  
=======================  
Remote  
  
  
Severity Level:  
===============  
High  
  
  
Best Regards,  
Zhao Liang, Huawei Weiran Labs  
`

03 May 2017 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.00206