Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Micro CMS 1.0 b1 - Persistent XSS Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 22 Views

Micro CMS 1.0 b1 - Persistent XSS Vulnerabilit

Code

                                                ##############################################################################

Title    : Micro CMS Persistent Cross-Site Scripting Vulnerability.
Author   : Veerendra G.G from SecPod Technologies (www.secpod.com)
Vendor   : http://www.micro-cms.com/
Advisory : http://secpod.org/blog/?p=135
           http://secpod.org/advisories/SECPOD_MicroCMS.txt
Version  : Micro CMS 1.0 beta 1
Date     : 09/28/2010

###############################################################################

SecPod ID:      1004                            09/03/2010 Issue Discovered
                                                09/05/2010 Vendor Notified
                                                No Response from Vendor


Class:  Persistent Cross-Site Scripting         Severity: High


Overview:
---------
Micro CMS is prone to Persistent Cross-Site Scripting Vulnerability.

Technical Description:
----------------------
Micro CMS is prone to a Persistent Cross-Site vulnerability because it fails to
properly sanitize user-supplied input.

Input passed via the 'name' parameter(also in text-area) in a comment section
to "comments/send/" is not properly verified before it is returned to the
user. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of a vulnerable site. This may allow
the attacker to steal cookie-based authentication and to launch further attacks.

The exploit has been tested in Micro CMS 1.0 beta 1


Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.


Affected Software:
------------------
Micro CMS 1.0 beta 1 and prior


References:
-----------
http://www.micro-cms.com/
http://secpod.org/blog/?p=135
http://secpod.org/advisories/SECPOD_MicroCMS.txt


Proof of Concepts:
------------------
Add the following attack strings:
  1. My XSS Test </legend><script> alert('XSS-Test')</script> <!--

  OR

  2. My XSS Test </legend><script> alert('XSS-Test')</script>

  OR

  3. <script> alert('XSS-Test')</script>

  in "* Name" textbox in comment section and fill other sections properly.

NOTE :  Some time above POC/Exploit will disable adding comments for that post.


Workaround:
-----------
Not available


Solution:
----------
Not available


Risk Factor:
-------------
    CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = MEDIUM
        AUTHENTICATION         = NOT_REQUIRED
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = PARTIAL
        AVAILABILITY_IMPACT    = PARTIAL
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 5.8 (AV:N/AC:M/Au:NR/C:N/I:P/A:P)
        CVSS Temporal Score    = 5.2
        Risk factor            = High

Credits:
--------
Veerendra G.G of SecPod Technologies has been credited with the discovery of
this vulnerability.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
micro cmspersistent cross-site scriptingvulnerabilitysecpod technologiesvendoradvisoryversion 1.0 beta 1date 09/28/2010inputuser-suppliedcommentstechnical descriptionexploitedimpactsoftwarereferencesproof of conceptsattackrisk factorcreditsveerendra g.g
22