oss-sec mailing list archives

CVE Request: XSS Vulnerability in Exponent CMS 2.3.9


From: 王畅 <fyth.cnss () gmail com>
Date: Thu, 22 Sep 2016 11:37:40 +0800

Hi, I reported a Cross Site Scripting vulnerability to the
ExponentCMS team a few days ago.

Vulnerability:


/framework/modules/file/connector/uploader.php

line 85-86:
```php
// Vulnerable code as reported (lines 85-86 of uploader.php, before the fix):
// the raw query parameter is concatenated straight into an inline script.
$funcNum = $_GET['CKEditorFuncNum'] ;
echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(".$funcNum.", '".$url."', '".$message."');</script>";
```

`$_GET['CKEditorFuncNum']` was printed out without any sanitization.


PoC: http://exponentcms.org/framework/modules/file/connector/uploader.php?CKEditorFuncNum=[removed]<svg/onload=alert(1)>


And now, this vulnerability has been fixed:

https://exponentcms.lighthouseapp.com/projects/61783/changesets/3f06b07755f35b96eff05ed3e3e1df2b907cade1

https://github.com/exponentcms/exponent-cms/commit/3f06b07755f35b96eff05ed3e3e1df2b907cade1


This issue was reported by Wang Chang of silence.com.cn Inc. and I would like
to request a CVE for this issue (if not done so).

Thank you.
---------------------------------
http://www.silence.com.cn
wangchang#silence.com.cn
PKAV Team
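A hardened rewrite of the callback emitter quoted above, added here as an illustration and not taken from the Exponent CMS commit linked in the report; the function name `ckeditor_callback_script` and the sample inputs are assumptions, and the block assumes PHP 7.1 or later.

```php
<?php
// Added example, not Exponent CMS code. Function name is hypothetical.
declare(strict_types=1);

/**
 * Build the CKEditor upload-callback script safely.
 * CKEditorFuncNum is an index into CKEDITOR.tools.callFunction's table,
 * so anything other than a non-negative integer is invalid and is rejected
 * outright rather than echoed into the page as in the reported code.
 */
function ckeditor_callback_script(array $get, string $url, string $message): string
{
    $raw = $get['CKEditorFuncNum'] ?? '';
    // Strict allow-list: digits only (no casting tricks, no sign, no markup).
    if (!is_string($raw) || $raw === '' || !ctype_digit($raw)) {
        throw new InvalidArgumentException('Invalid CKEditorFuncNum');
    }
    $funcNum = (int) $raw;

    // json_encode turns $url and $message into JS string literals; the HEX
    // flags also encode < > & ' " so neither value can close the <script>
    // element or break out of the string literal.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction("
        . $funcNum . ', '
        . json_encode($url, $flags) . ', '
        . json_encode($message, $flags)
        . ');</script>';
}

// Constructed inputs: a normal upload, then a tampered parameter shaped like
// the payload in the report's PoC.
$ok = ckeditor_callback_script(['CKEditorFuncNum' => '3'], '/files/a.png', 'Uploaded');
if (strpos($ok, 'callFunction(3, "\/files\/a.png", "Uploaded")') === false) {
    echo "FAIL: unexpected output for valid input\n";
}

try {
    ckeditor_callback_script(['CKEditorFuncNum' => '1<svg/onload=alert(1)>'], '/x', '');
    echo "FAIL: tampered CKEditorFuncNum was accepted\n";
} catch (InvalidArgumentException $e) {
    echo "Rejected tampered CKEditorFuncNum\n";
}
```

The same pattern applies to any server-side template that emits a request value into inline JavaScript: validate against the narrowest type the consumer needs (here an integer) and serialize strings with a JSON/JS-aware encoder rather than string concatenation.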
