Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 26 Jun 2015 22:30:46 +0530
From: Anirudh Anand <anirudhanand722@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE Request - BigTree CMS - Stored XSS while creating a new user

Hello all,

BigTree CMS is a popular Content Management System written in PHP. While
creating a new user, the "*Name*" and "*Company*" parameters are not
properly sanitized and it leads to stored XSS.

*Date:* 25th June, 2015

*Exploit Author:* Anirudh Anand

*Vendor Homepage*: https://www.bigtreecms.org/

*Software Link:* https://www.bigtreecms.org/download/

*Version: *< 4.2.2

*Tested on:* Linux:- Ubuntu, Debian


The issue has been successfully reported to vendor and they have released
an update for the same.

*References: *

*Bug Report:* https://github.com/bigtreecms/BigTree-CMS/issues/205

*Fix Released:*
https://github.com/bigtreecms/BigTree-CMS/commit/e13aa4795cdeb1ab1dc0f5fd0b66df2d1296591d

-- 

Anirudh Anand
bi0s@...ITA
www.securethelock.com

*"Those who Say it cannot be done, should not interrupt the people doing
it"*

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.