Date: Thu, 22 Sep 2016 11:37:40 +0800
From: 王畅 <fyth.cnss@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: XSS Vulnerability in Exponent CMS 2.3.9

Hi, I reported a Cross Site Scripting vulnerability to the
ExponentCMS team a few days ago:
vulnerability:


/framework/modules/file/connector/uploader.php

line 85-86:
```
$funcNum = $_GET['CKEditorFuncNum'] ;
echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(".$funcNum.", '".$url."', '".$message."');</script>";
```

"$_GET['CKEditorFuncNum']" was printed out without any sanitization.


PoC: http://exponentcms.org/framework/modules/file/connector/uploader.php?CKEditorFuncNum=[removed]<svg/onload=alert(1)>


And now, this vulnerability has been fixed.
https://exponentcms.lighthouseapp.com/projects/61783/changesets/3f06b07755f35b96eff05ed3e3e1df2b907cade1

https://github.com/exponentcms/exponent-cms/commit/3f06b07755f35b96eff05ed3e3e1df2b907cade1


This issue was reported by Wang Chang of silence.com.cn Inc. and I would like
to request a CVE for this issue (if not done so).

Thank you.
---------------------------------
http://www.silence.com.cn
wangchang#silence.com.cn
PKAV Team
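
One way to harden the echo quoted in the message above, shown as an added example: it is not code from the original post and not the change in the linked commit. The function name `render_ckeditor_callback`, the assumption that `CKEditorFuncNum` is a non-negative integer callback index, and the sample inputs are all assumptions made here.

```php
<?php
// Added example, not the project's fix. Requires PHP 7.3+ (JSON_THROW_ON_ERROR).

/**
 * Build the CKEditor upload callback, encoding each value for the context it
 * lands in: a JavaScript expression inside an inline <script> element.
 * $rawFuncNum is untyped because a query parameter can arrive as an array.
 */
function render_ckeditor_callback($rawFuncNum, string $url, string $message): string
{
    // Allow-list: decimal digits only. Anything else is rejected, not "cleaned".
    if (!is_string($rawFuncNum) || !ctype_digit($rawFuncNum) || strlen($rawFuncNum) > 9) {
        throw new InvalidArgumentException('CKEditorFuncNum must be a non-negative integer');
    }
    $funcNum = (int) $rawFuncNum;

    // json_encode() emits a valid JS string literal. The JSON_HEX_* flags turn
    // <, >, &, ' and " into \uXXXX escapes, so the value can neither end the
    // string literal nor close the surrounding <script> element.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    $jsUrl = json_encode($url, $flags);
    $jsMessage = json_encode($message, $flags);

    return "<script type='text/javascript'>"
        . "window.parent.CKEDITOR.tools.callFunction({$funcNum}, {$jsUrl}, {$jsMessage});"
        . "</script>";
}

// Constructed sample values for CKEditorFuncNum: a valid index, the markup
// string from the report above, and an array-valued parameter.
$samples = ['3', '<svg/onload=alert(1)>', ['3']];

foreach ($samples as $raw) {
    try {
        echo render_ckeditor_callback($raw, '/files/a.png', "it's <done>"), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // In the real connector this would be a 400 response with no script output.
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The quoted lines also interpolate `$url` and `$message` into single-quoted JavaScript strings, so the sketch encodes those two values as well rather than only validating the number.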
