oss-security - CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Mon, 12 Jan 2015 15:42:58 +0100
From: Steffen Rösemann <steffen.roesemann1986@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS
 vulnerability in administrative backend (poll archive)

Hi Josh, Steve, vendors, list.

I found a reflecting XSS vulnerability in the poll archive of the
administrative backend of CMS PHPKit WCMS v.1.6.6 [Build: 1660014].

It is located here on a common PHPKit WCMS installation:

http://{TARGET}/upload_files/pk/include.php?path=pollarchive&result=1

The parameter "result" is vulnerable by appending arbitrary HTML- and/or
JavaScriptcode to it.

Example:

http://
{TARGET}/upload_files/pk/include.php?path=pollarchive&result=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C!--

Could you please assign a CVE-ID for it?

Thank you!

Steffen Rösemann

References:

[1] http://www.phpkit.com/de/
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-07.html
[3]
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-07.html

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.