Yab Quarx 2.4.3 Cross Site Scripting

2018-02-21T00:00:00
ID PACKETSTORM:146496
Type packetstorm
Reporter Preethi Koroth
Modified 2018-02-21T00:00:00

Description

                                        
                                            `1. Introduction  
  
Vendor : Yab  
Affected Product : Quarx through 2.4.3   
Fixed in : Quarx 2.4.5 and 2.4.6  
Vendor Website : https://quarxcms.com/  
Vulnerability Type : Persistent XSS  
Remote Exploitable : Yes  
CVE External Identifier : CVE-2018-7274   
  
  
2. Technical Description  
  
There are multiple Persistent XSS vulnerabilities in Quarx Content Management System. These vulnerabilities exists   
due to insufficient sanitization of user-supplied data.   
  
  
3. Affected pages and parameters:  
  
Blog -> 'Title'  
FAQ -> 'Question'  
Pages -> 'Title'  
Widgets -> 'Name'  
Menus -> 'Name'  
  
5. Credit  
  
Preethi Koroth (@p3core0ath)  
  
6. Reference:  
https://github.com/YABhq/Quarx/issues/115  
`