Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Jan 2015 15:48:12 +0100
From: Steffen Rösemann <steffen.roesemann1986@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in
 the administrative backend

Hi Josh, Steve, vendors, list.

I found a reflecting XSS vulnerability in the filemanager of the CMS Croogo
v. 2.2.0.

The filemanager is located here in a common Croogo installation:

http://
{TARGET}/admin/file_manager/file_manager/editfile?path=%2FApplications%2FXAMPP%2Fxamppfiles%2Fhtdocs%2Fcroogo-2.2.0%2Fpackage.json

By appending arbitrary HTML- and/or JavaScriptcode to names of existing
files, the XSS gets executed. However it does not work by appending the
code to names of directories.

Example:

http://{TARGET}/admin/file_manager/file_manager/editfile?path=%2FApplications%2FXAMPP%2Fxamppfiles%2Fhtdocs%2Fcroogo-2.2.0%2Fpackage.json<script>alert("XSS
in filemanager functionality of CMS Croogo 2.2.0")</script><!--

Could you please assign a CVE-ID for that issue?

Thank you!

Greetings

Steffen Rösemann

References:

[1] https://croogo.org/
[2] http://sroesemann.blogspot.de/2015/01/sroeadv-2015-02.html
[3] https://github.com/croogo/croogo/issues/599
[4]
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-02.html

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ