Date: Wed, 28 Jan 2015 05:50:26 +0100
From: Steffen Rösemann <>
Subject: CVE-Request -- Saurus CMS v.4.7 (Community Edition, released:
 12.08.2014) -- Multiple reflecting XSS vulnerabilities

Hi Josh, Steve, vendors, list.

I found multiple reflecting XSS vulnerabilities in the administrative
backend of the content management system Saurus CMS v. 4.7 (Community
Edition, released: 12.08.2014).

The parameters used in the following PHP files are prone to reflecting XSS
attacks (including exploit examples):

user_management.php (vulnerable parameter: "search"):


profile_data.php (vulnerable parameter: "data_search"):


error_log.php (vulnerable parameter: "filter"):


Vendor patched this vulnerability in the latest commit of Saurus CMS v. 4.7
(CE, released: 27.01.2015).

Could you please assign a CVE-ID for this?

Thank you very much!

Greetings from Germany.

Steffen Rösemann


