Cross site scripting in toendaCMS 1.5.3
security advisory
References:
http://www.toendacms.com/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1872
Description:
Cross-site scripting describes attacks that allow an attacker to insert
malicious HTML or JavaScript code via GET or POST forms. This can be used to
steal session cookies.
toendaCMS is a content management system. Its search function can be used
to inject JavaScript code.
Workaround/Fix:
There's no vendor fix.
The vendor was contacted on 2007-03-11 and replied that they were working on
the issue.
Sample Code:
<form action="http://toendainstallation/" method="post">
<input type="hidden" name="searchword" value='"><script>alert(1)</script>'>
<input type="hidden" name="id" value="search">
<input type="submit"></form>
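
Added example (not part of the original advisory and not toendaCMS code): the sample form's searchword value run through an unencoded echo and through an output-encoded one. The render_search_box_* functions are hypothetical stand-ins; that the search term is echoed back into a double-quoted value attribute is an assumption based on the payload's leading `">`.

```php
<?php
// Added illustration, not toendaCMS source. The render_search_box_* functions
// are hypothetical stand-ins for a search form that echoes the submitted
// "searchword" back into a double-quoted value attribute (an assumption).

// Vulnerable pattern: request data is concatenated into markup unencoded.
function render_search_box_vulnerable(string $searchword): string
{
    return '<input type="text" name="searchword" value="' . $searchword . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_search_box_hardened(string $searchword): string
{
    $encoded = htmlspecialchars($searchword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="searchword" value="' . $encoded . '">';
}

// Regression check: does the rendered markup contain a script tag that the
// template itself never emits?
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// The searchword value from the advisory's sample form.
$searchword = '"><script>alert(1)</script>';

$cases = [
    'vulnerable' => render_search_box_vulnerable($searchword),
    'hardened'   => render_search_box_hardened($searchword),
];

foreach ($cases as $label => $html) {
    printf(
        "%-10s script tag present: %-5s  markup: %s\n",
        $label,
        var_export(contains_script_tag($html), true),
        $html
    );
}
```

The same encoding has to be applied at every place the search term is written back into the page, such as a results heading, not only in the form field.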
CVE Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-1872 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
Credits and copyright:
This vulnerability was discovered by Hanno Boeck of schokokeks.org
webhosting.
It is licensed under Creative Commons Attribution:
http://creativecommons.org/licenses/by/3.0/
Hanno Boeck, 2007-04-12, http://www.hboeck.de