Date: Mon, 12 Sep 2016 02:19:33 +0000
From: 陈瑞琦 <chenruiqi@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE Request: XSS vulns in b2evolution v6.7.5

I have found 2 XSS vulns in b2evolution v 6.7.5

Title: Stored XSS in b2evolution version 6.7.5 and before
Author: Chen Ruiqi, Chenruiqi@....cn, @Codesafe Team
Download Site: http://b2evolution.net/downloads/
Vendor: b2evolution.net
Vendor Notified: 2016-08-12
Vendor Contact: http://b2evolution.net/?disp=msgform
--------------------------------------------------------------------------------------------------------
Description:
b2evolution is a content and community management system written in PHP and backed by a MySQL database. It is distributed as free software under the GNU General Public License.
b2evolution originally started as a multi-user multi-blog engine when François Planque forked b2evolution from version 0.6.1 of b2/cafelog in 2003. A more widely known fork of b2/cafelog is WordPress. b2evolution is available in web host control panels as a "one click install" web app. (Wiki)
-----------------------------------------------------------------------------------------------------------
Vulnerability:
There is stored XSS in b2evolution version 6.7.5
Any user can post a forum with some evil code in it.
Post a forum with something like
[test_forum_xss](http://test.forum.xss"onmouseover="alert(1)"on="1 "test_forum_xss")
----------------------------------------------------------------------------------------------------------
Fix code:
https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf59174bb787811
-----------------------------------------------------------------------------------------------------------------
Vulnerability:
There is stored XSS in b2evolution version 6.7.5
An authentic user can inject javascript code in the website header.
Edit the "Short site name" at set_settings with something like
test_short_name_xss" onmouseover=alert(1) on
------------------------------------------------------------------------------------------------------------------------
Fix code:
https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c


Could you assign CVE IDs for those?

Thank you

Chen Ruiqi
Codesafe Team
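
Added example, not part of the original message and not b2evolution's code: both reports come down to user input reaching a quoted HTML attribute unescaped, shown here with a naive renderer beside a hardened one and run on the two inputs quoted above. All function names and the header markup are assumptions made for illustration; the linked fix commits may take a different approach.

```php
<?php
// Added illustration, not b2evolution code; all function names are hypothetical.
// Minimal Markdown link pattern: [text](url "title")
const LINK_RE = '~\[([^\]]+)\]\((\S+)(?:\s+"([^"]*)")?\)~';

// Vulnerable: captured values are concatenated straight into attribute values.
function render_link_unsafe(string $md): string {
    return preg_replace_callback(LINK_RE, function (array $m): string {
        return '<a href="' . $m[2] . '" title="' . ($m[3] ?? '') . '">' . $m[1] . '</a>';
    }, $md) ?? $md;
}

// Escape for HTML text and quoted-attribute contexts: & < > " ' become entities.
function esc(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: accept only http(s) URLs and escape every interpolated value.
function render_link_safe(string $md): string {
    return preg_replace_callback(LINK_RE, function (array $m): string {
        $scheme = strtolower((string) parse_url($m[2], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            return esc($m[0]); // unknown scheme: keep the source as inert text
        }
        return '<a href="' . esc($m[2]) . '" title="' . esc($m[3] ?? '') . '">'
             . esc($m[1]) . '</a>';
    }, $md) ?? esc($md);
}

// Assumed header markup: the short site name used as an attribute value.
function header_unsafe(string $name): string {
    return '<a class="site" title="' . $name . '" href="/">Home</a>';
}
function header_safe(string $name): string {
    return '<a class="site" title="' . esc($name) . '" href="/">Home</a>';
}

// Inputs quoted from the report above.
$post = '[test_forum_xss](http://test.forum.xss"onmouseover="alert(1)"on="1 "test_forum_xss")';
$name = 'test_short_name_xss" onmouseover=alert(1) on';

$outputs = [render_link_unsafe($post), render_link_safe($post),
            header_unsafe($name), header_safe($name)];
foreach ($outputs as $html) {
    // A literal quote followed by an event-handler attribute means the value left its attribute.
    $state = preg_match('~"\s*onmouseover=~', $html) ? 'BREAKOUT' : 'inert   ';
    echo $state, ' ', $html, PHP_EOL;
}
```

The same check (a literal double quote followed by an `on...=` attribute in rendered output) can be used as a regression test against stored content after upgrading.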
