Stored Cross Site Scripting in Ektron CMS 8.7
CVE reference: CVE-2014-2729
Affected platforms: Ektron Web Content Management System
Version: 8.7.0
Date: 2013-December-19
Security risk: Medium (CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N)
Researcher: Joseph Zeng Xianbo
Vendor Status: Issue reported to be patched in Ektron CMS 8.7.0.055 SP2 (Patch Update: 8.7.0.055.2.015).
During an internal penetration test exercise for a client, a stored Cross Site Scripting vulnerability was discovered in the HTTP parameter ‘category0’ of the affected webpage. The application stored the payload and executed it when the page was loaded.
This vulnerability has been assigned CVE-2014-2729.
Note that repeating steps 7 to 8 and repeating the step 12 for the corresponding parameters (e.g. 'category1', 'category2')
=====================================================================
Possible Impact
This vulnerability was discovered by Joseph Zeng Xianbo
=====================================================================
History (GMT +8)
14 Aug 2013 - Vulnerability discovered and reported to client. Client reports it to System Integrator and Ektron.
6 Dec 2013 - Test on Ektron CMS 8.70 SP 2 shows vulnerability is still present
10 Mar 2014 - Test on patched Ektron CMS shows vulnerability has been resolved
26 Mar 2014 - Secunia informed of vulnerability
3 Apr 2014 - Secunia declines to issue advisory as Ektron CMS version 9 supersedes patched version. Case referred to MITRE.
5 Apr 2014 - CVE identifier assigned for this vulnerability
7 Apr 2014 - Ektron contacted for patch details
8 Apr 2014 - Ektron asks System Integrator for patch details
10 Apr 2014 - System Integrator gives notification of patch details
16 Apr 2014 - Advisory Released.
=====================================================================