oss-sec mailing list archives
CVE Request: XSS Vulnerability in Exponent CMS 2.3.9
From: 王畅 <fyth.cnss () gmail com>
Date: Thu, 22 Sep 2016 11:37:40 +0800
Hi,

I reported a Cross Site Scripting vulnerability to the ExponentCMS team a few days ago:

vulnerability:

/framework/modules/file/connector/uploader.php line 85-86:

```
$funcNum = $_GET['CKEditorFuncNum'] ;
echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(".$funcNum.", '".$url."', '".$message."');</script>";
```

"$_GET['CKEditorFuncNum']" was printed out without any sanitization.

PoC: http://exponentcms.org/framework/modules/file/connector/uploader.php?CKEditorFuncNum=[removed]<svg/onload=alert(1)>

And now, this vulnerability has been fixed.

https://exponentcms.lighthouseapp.com/projects/61783/changesets/3f06b07755f35b96eff05ed3e3e1df2b907cade1
https://github.com/exponentcms/exponent-cms/commit/3f06b07755f35b96eff05ed3e3e1df2b907cade1

This issue was reported by Wang Chang of silence.com.cn Inc. and I would like to request a CVE for this issue (if not done so).

Thank you.

---------------------------------
http://www.silence.com.cn
wangchang#silence.com.cn
PKAV Team
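
An added example, not part of the original post and not the change made in the linked commit: one way to emit this callback safely, by accepting `CKEditorFuncNum` only as a decimal integer and encoding `$url` and `$message` as JavaScript string literals. The helper names `parse_func_num`, `js_string` and `render_callback` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example, not Exponent CMS code. Helper names are hypothetical.

/**
 * CKEditorFuncNum is a numeric callback index, so accept digits only.
 * Returns null for anything else (arrays, empty strings, markup) so the
 * caller can refuse to respond. The length cap avoids integer overflow.
 */
function parse_func_num($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

/**
 * Encode a PHP string as a JavaScript string literal that is safe inside
 * an inline <script> block: the JSON_HEX_* flags escape <, >, &, ' and "
 * so the value cannot close the script element or the literal.
 */
function js_string(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

function render_callback($rawFuncNum, string $url, string $message): ?string
{
    $funcNum = parse_func_num($rawFuncNum);
    if ($funcNum === null) {
        return null; // caller should send HTTP 400 and emit nothing
    }
    return "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction("
        . $funcNum . ", " . js_string($url) . ", " . js_string($message) . ");</script>";
}

// Constructed inputs: a normal value and the payload shape from the report.
foreach (['3', '<svg/onload=alert(1)>'] as $raw) {
    $out = render_callback($raw, '/files/a.png', "it's done");
    echo $out === null
        ? "rejected: " . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . "\n"
        : $out . "\n";
}
```

The numeric check covers the parameter named in the report; encoding `$url` and `$message` goes beyond it, since those values are concatenated into the same script block.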