oss-sec mailing list archives
CVE Request: October CMS - Stored XSS in image caption tag
From: "Abhishek J.M" <jmabhishek4 () gmail com>
Date: Tue, 21 Jul 2015 20:35:49 +0530
Hello,

October CMS <https://github.com/octobercms>, an open-source, self-hosted Content Management System built based on the Laravel PHP Framework, has been found to be vulnerable to Stored Cross-site Scripting attack.

*Scenario:*
When any *normal* user logs into the October CMS, he is given an option to update his account, where there is an option to upload his profile picture. On uploading, the user is given an option to give a caption to the uploaded image. This tab has been found vulnerable to stored XSS.

*POC:*
Type in: '*<svg onload=alert(document.cookie)>*' inside the caption tab of the image and save it. Log out of the user account and log in as an administrator. Now, simply visit the user profile (of the normal user) and the JavaScript will be executed.

*Reporting date:* 21st July, 2015
*Exploit Author:* Abhishek J M
*Vendor Homepage:* http://octobercms.com/
*Product Link:* http://octobercms.com/download
*Version affected:* Possibly all the builds, i.e., <= Build 271 (Changelog <https://github.com/octobercms/october/blob/master/CHANGELOG.md>)
*Tested on:* Linux:- Ubuntu, Debian, PHP - 5.5

This issue has been reported to the vendor of this product: https://github.com/octobercms/october/issues/1302

Is it possible to assign a CVE identifier for this issue?

Thank you

--
Abhishek J M
bi0s @ Amrita
Blog <http://revoextremer.wix.com/revo> | XDA <http://forum.xda-developers.com/member.php?u=5723399>
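An added illustration of the report above (not part of the original message and not October CMS code): a Python stand-in for a view that prints the stored caption, rendered with and without output encoding, plus a parser-based check that can serve as a regression test for the fix. The template, the function names and the default image path are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

# Constructed stand-in for the view that shows a user's image caption;
# October CMS's own template is not shown in the report.
TEMPLATE = '<div class="avatar"><img src="{src}"><p class="caption">{caption}</p></div>'
TEMPLATE_TAGS = ["div", "img", "p"]  # start tags the template itself emits

def render_unescaped(caption, src="/avatar.png"):
    """Behaviour the report describes: the stored caption is output verbatim."""
    return TEMPLATE.format(src=src, caption=caption)

def render_escaped(caption, src="/avatar.png"):
    """Hardened form: user-controlled values are HTML-encoded at output time."""
    return TEMPLATE.format(src=escape(src, quote=True),
                           caption=escape(caption, quote=True))

class MarkupAudit(HTMLParser):
    """Records start tags, on* event-handler attributes and visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.handlers, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [(tag, name) for name, _ in attrs if name.startswith("on")]

    def handle_data(self, data):
        self.text.append(data)

def audit(html):
    """Return markup that did not come from the template, plus the text shown."""
    parser = MarkupAudit()
    parser.feed(html)
    parser.close()
    extra = list(parser.tags)
    for tag in TEMPLATE_TAGS:  # discount one occurrence of each template tag
        if tag in extra:
            extra.remove(tag)
    return {"injected_tags": extra, "handlers": parser.handlers,
            "text": "".join(parser.text)}

if __name__ == "__main__":
    poc = "<svg onload=alert(document.cookie)>"  # payload quoted in the report
    print("unescaped:", audit(render_unescaped(poc)))
    print("escaped:  ", audit(render_escaped(poc)))
```

With encoding applied at output time, the caption still displays exactly as typed, but the parser sees it as text rather than as an element carrying an event handler.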