oss-sec mailing list archives
CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive)
From: Steffen Rösemann <steffen.roesemann1986 () gmail com>
Date: Mon, 12 Jan 2015 15:42:58 +0100
Hi Josh, Steve, vendors, list. I found a reflecting XSS vulnerability in the poll archive of the administrative backend of CMS PHPKit WCMS v.1.6.6 [Build: 1660014]. It is located here on a common PHPKit WCMS installation: http://{TARGET}/upload_files/pk/include.php?path=pollarchive&result=1 The parameter "result" is vulnerable by appending arbitrary HTML- and/or JavaScriptcode to it. Example: http:// {TARGET}/upload_files/pk/include.php?path=pollarchive&result=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C!-- Could you please assign a CVE-ID for it? Thank you! Steffen Rösemann References: [1] http://www.phpkit.com/de/ [2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-07.html [3] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-07.html
Current thread:
- CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive) Steffen Rösemann (Jan 12)