oss-sec mailing list archives
CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality
From: Steffen Rösemann <steffen.roesemann1986 () gmail com>
Date: Tue, 13 Jan 2015 19:02:53 +0100
Hi Josh, Steve, vendors, list. I found a reflecting XSS vulnerability in CMS b2evolution v.5.2.0 (release-date: 30th Dec 2014). It is located in its filemanager functionality, which can be accessed in the administrative backend by the following URL (assuming a common b2evolution installation): http:// {TARGET}/blogs/admin.php?fm_filter=&actionArray[filter]=Apply&ctrl=files&locale=&blog=1&mode=&ajax_request=0&root=collection_1&path=&fm_mode=&linkctrl=&linkdata=&iframe_name=&fm_hide_dirtree=0&fm_flatmode=&fm_order=&fm_orderasc= The "fm_filter" parameter is vulnerable to XSS attacks and can be exploited by an attacker like in the following example: http:// {TARGET}/blogs/admin.php?fm_filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&actionArray[filter]=Apply&ctrl=files&locale=&blog=1&mode=&ajax_request=0&root=collection_1&path=&fm_mode=&linkctrl=&linkdata=&iframe_name=&fm_hide_dirtree=0&fm_flatmode=&fm_order=&fm_orderasc= Could you please assign a CVE-ID for it? Thank you very much! Greetings. Steffen Rösemann References: [1] http://b2evolution.net/ [2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-09.html [3] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-09.html
Current thread:
- CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Steffen Rösemann (Jan 13)
- Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Henri Salo (Jan 14)
- Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Daniel Kahn Gillmor (Jan 15)
- Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality cve-assign (Feb 12)
- Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Henri Salo (Jan 14)