Date: Fri, 26 Jun 2015 22:30:46 +0530
From: Anirudh Anand <anirudhanand722@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE Request - BigTree CMS - Stored XSS while creating a new user

Hello all,

BigTree CMS is a popular Content Management System written in PHP. While
creating a new user, the "*Name*" and "*Company*" parameters are not
properly sanitized, which leads to stored XSS.

*Date:* 25th June, 2015

*Exploit Author:* Anirudh Anand

*Vendor Homepage*: https://www.bigtreecms.org/

*Software Link:* https://www.bigtreecms.org/download/

*Version:* < 4.2.2

*Tested on:* Linux (Ubuntu, Debian)


The issue has been successfully reported to the vendor and they have released
an update for the same.

*References:*

*Bug Report:* https://github.com/bigtreecms/BigTree-CMS/issues/205

*Fix Released:*
https://github.com/bigtreecms/BigTree-CMS/commit/e13aa4795cdeb1ab1dc0f5fd0b66df2d1296591d

-- 

Anirudh Anand
bi0s@...ITA
www.securethelock.com

*"Those who Say it cannot be done, should not interrupt the people doing
it"*
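The advisory above says the user "Name" and "Company" values are stored and later rendered without proper sanitization. The following PHP is an added illustration, not BigTree's code and not the vendor's fix: it shows a rendering function that emits stored values raw beside one that HTML-encodes them for the context they land in, plus a small regression check of the kind a maintainer could keep in a test suite. The `$user` record, the function names and the table layout are all assumptions made for the example.

```php
<?php
// Added example, not BigTree CMS code. Demonstrates output encoding for
// stored, user-controlled fields such as "Name" and "Company".

declare(strict_types=1);

// Constructed sample record, standing in for a user row read back from the
// database after the account was created with attacker-chosen field values.
$user = [
    'name'    => '<script>alert(1)</script>',
    'company' => 'Acme" onmouseover="alert(2)',
];

// Vulnerable rendering: the stored values are concatenated into HTML
// untouched, so whatever was submitted in the form is emitted as markup.
function render_user_row_unsafe(array $user): string
{
    return '<tr><td>' . $user['name'] . '</td>'
         . '<td title="' . $user['company'] . '">' . $user['company'] . '</td></tr>';
}

// Context-aware escaping helper: ENT_QUOTES encodes both single and double
// quotes, so the result is safe inside attribute delimiters as well as in
// text nodes. The charset is given explicitly to avoid locale surprises.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened rendering: every untrusted value passes through h() at the point
// where it is written into HTML. Escaping on output rather than on input
// keeps the stored data intact and covers every template that reuses it.
function render_user_row_safe(array $user): string
{
    return '<tr><td>' . h($user['name']) . '</td>'
         . '<td title="' . h($user['company']) . '">' . h($user['company']) . '</td></tr>';
}

// Regression check: returns true if any user-controlled value that needed
// escaping still appears verbatim in the rendered fragment.
function contains_unescaped_markup(string $html, array $user): bool
{
    foreach ($user as $value) {
        if ($value !== h($value) && strpos($html, $value) !== false) {
            return true;
        }
    }
    return false;
}

echo render_user_row_unsafe($user), PHP_EOL;
echo render_user_row_safe($user), PHP_EOL;

var_dump(contains_unescaped_markup(render_user_row_unsafe($user), $user));
var_dump(contains_unescaped_markup(render_user_row_safe($user), $user));
```

Run it with `php example.php`: the first `var_dump` reports that the unsafe row still carries the raw markup, the second that the escaped row does not. The check is deliberately coarse (it only looks for the original strings reappearing verbatim); it is meant as a cheap guard against regressions in templates that render these fields, not as a substitute for escaping at every output point.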
