Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Micro CMS v1.0 b1 Persistent XSS Vulnerability

🗓️ 29 Sep 2010 00:00:00Reported by n/aType 
zdt
 zdt🔗 0day.today👁 36 Views

Micro CMS v1.0 b1 Persistent XSS Vulnerabilit

Code
==============================================
Micro CMS v1.0 b1 Persistent XSS Vulnerability
==============================================

Class:  Persistent Cross-Site Scripting         Severity: High
 
 
Overview:
---------
Micro CMS is prone to Persistent Cross-Site Scripting Vulnerability.
 
Technical Description:
----------------------
Micro CMS is prone to a Persistent Cross-Site vulnerability because it fails to
properly sanitize user-supplied input.
 
Input passed via the 'name' parameter(also in text-area) in a comment section
to "comments/send/" is not properly verified before it is returned to the
user. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of a vulnerable site. This may allow
the attacker to steal cookie-based authentication and to launch further attacks.
 
The exploit has been tested in Micro CMS 1.0 beta 1
 
 
Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.
 
 
Affected Software:
------------------
Micro CMS 1.0 beta 1 and prior
 
 
References:
-----------
http://www.micro-cms.com/
http://secpod.org/blog/?p=135
http://secpod.org/advisories/SECPOD_MicroCMS.txt
 
 
Proof of Concepts:
------------------
Add the following attack strings:
  1. My XSS Test </legend><script> alert('XSS-Test')</script> <!--
 
  OR
 
  2. My XSS Test </legend><script> alert('XSS-Test')</script>
 
  OR
 
  3. <script> alert('XSS-Test')</script>
 
  in "* Name" textbox in comment section and fill other sections properly.
 
NOTE :  Some time above POC/Exploit will disable adding comments for that post.
 
 
Workaround:
-----------
Not available
 
 
Solution:
----------
Not available
 
 
Risk Factor:
-------------
    CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = MEDIUM
        AUTHENTICATION         = NOT_REQUIRED
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = PARTIAL
        AVAILABILITY_IMPACT    = PARTIAL
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 5.8 (AV:N/AC:M/Au:NR/C:N/I:P/A:P)
        CVSS Temporal Score    = 5.2
        Risk factor            = High



#  0day.today [2018-01-09]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Sep 2010 00:00Current
7.1High risk
Vulners AI Score7.1
persistent cross-site scriptinghigh severitymicro cmsuser inputcomment sectionarbitrary html codescript codevulnerable siteauthenticationcookie-basedexploit1.0 beta 1security risknetwork accessmedium complexityno authentication requiredpartial integrity impactpartial availability impact
36