Full Disclosure mailing list archives
Re: [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability
From: Sachin Wagh <wsachin092 () gmail com>
Date: Wed, 23 Dec 2015 16:25:34 +0530
Title corrected Symfony CMS to Symphony CMS. ================================================================ Symphony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability ================================================================ Information -------------------- Vulnerability Type : Cross Site Scripting Vulnerability Vulnerable Version : 2.6.3 CVE-ID : CVE-2015-8376 Severity: Medium Author – Sachin Wagh (@tiger_tigerboy) Description -------------------- Symphony CMS is prone to Multiple a Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Proof of Concept URL -------------------- http://localhost/symphony2.6.3/symphony-2.6.3/symphony/blueprints/sections/edit/1/ Advisory Information: ================================================ Symphony CMS XSS Vulnerability Severity Level: ========================================================= Med Description: ========================================================== Vulnerable Product: [+] Symphony CMS 2.6.3 Vulnerable Parameter(s): [+] Name [+] Nevigation Group [+] Label Affected Area(s): [+] http://localhost/symphony2.6.3/symphony-2.6.3/symphony/blueprints/sections/edit/1/ Advisory Timeline -------------------- 28-Nov-2015-Reported 6-Dec-2015-Vulnerability Published Credits & Authors -------------------- Sachin Wagh (@tiger_tigerboy) On Sun, Dec 6, 2015 at 8:18 PM, Sachin Wagh <wsachin092 () gmail com> wrote:
================================================================ Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability ================================================================ Information -------------------- Vulnerability Type : Cross Site Scripting Vulnerability Vulnerable Version : 2.6.3 CVE-ID : CVE-2015-8376 Severity: Medium Author – Sachin Wagh (@tiger_tigerboy) Description -------------------- symphony CMS is prone to Multiple a Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Proof of Concept URL -------------------- http://localhost/symphony2.6.3/symphony-2.6.3/symphony/blueprints/sections/edit/1/saved/ Advisory Information: ================================================ Symphony CMS XSS Vulnerability Severity Level: ========================================================= Med Description: ========================================================== Vulnerable Product: [+] Symphony CMS 2.6.3 Vulnerable Parameter(s): [+] Name [+] Nevigation Group [+] Label Affected Area(s): [+] http://localhost/symphony2.6.3/symphony-2.6.3/symphony/blueprints/sections/edit/1/ Advisory Timeline -------------------- 28-Nov-2015-Reported 6-Dec-2015-Vulnerability Published Credits & Authors -------------------- Sachin Wagh (@tiger_tigerboy) -- Best Regards, *Sachin Wagh* Security Consultant m: +91 75 888 644 81 w: secur1tyadvisory.wordpress.com
-- Best Regards, *Sachin Wagh* Security Consultant m: +91 75 888 644 81 w: secur1tyadvisory.wordpress.com _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability Sachin Wagh (Dec 09)
- Re: [FD] Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability Sachin Wagh (Dec 23)