X3 CMS Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

ID 1337DAY-ID-22850
Type zdt
Reporter Nahendra Bhati
Modified 2014-11-10T00:00:00


X3 CMS versions 0.5.1 and suffer from cross site request forgery and cross site scripting vulnerabilities.

                                            Product: X3 CMS 0.5.1 &
Vendor: X3 CMS
Vulnerable Version(s):  0.5.1 and
Tested Version:
Vendor Notification: 2 Nov , 2014 
Vendor Patch: 7 Nov, 2014 
Advisory Publication:  8 Nov, 2014
Public Disclosure: 8 November , 2014 
Vulnerability Type: CSRF + Reflected Cross Site Scripting  
CVE Reference: Requested
Risk Level: High
Solution Status: Fixed by Vendor
Discovered and Provided By: Narendra Bhati ( http://hacktivity.websecgeeks.com )
Patch - Upgrade to X3 CMS 0.5.2 
Reported By  - Narendra Bhati ( R00t Sh3ll)
Security Analyst  @ Suma Soft Pvt. Ltd. , Pune ( India )IT Risk & Security Management Services , Pune ( India)
Facebook - https://facebook.com/narendradewsoft
twitter - https://www.twitter.com/NarendraBhatiNB
Blog - http://hacktivity.websecgeeks.com
Email - [email protected]


Advisory Details:

Narendra Bhati discovered vulnerability in X3 CMS 0.5.2 , which can be exploited to perform Cross-Site Scripting (XSS) attacks  Along With  CSRF Vulnerability


1) Cross Site Request Forgery Protection (CSRF) 

There was a CSRF vulnerability in the form submission in most controllers used in the admin area. This could be an issue if administrator is logged in to his account

2) Reflected Cross-Site Scripting (XSS) in MODX Revolution

There was an XSS vulnerability in the search_controller used in the public and private areas.

The exploitation example below uses the <script>alert(1)</script>

Vulnerable Parameter - "search"


Upgrade to Upgrade to X3 CMS 0.5.2 
More Information:
Public Advisory By Vendor :- http://www.x3cms.net/en/news/article/8bb9a4f84d956653b4daa19ee7c529fa/x3_cms_0.5.2
Public Disclosure With Tecnical Details - http://hacktivity.websecgeeks.com/x3-cms-xss-and-csrf/

#  0day.today [2018-01-24]  #