Full Disclosure mailing list archives
CMS Made Simple 2.2.5 [Stored Cross-Site Scripting]
From: Kyaw Min Thein <weev3 () outlook com>
Date: Mon, 22 Jan 2018 04:17:45 +0000
1.OVERVIEW CMS Made Simple version 2.2.5 is vulnerable to Stored Cross-Site Scripting. 2. PRODUCT DESCRIPTION CMS Made Simple is open source CMS for developing website. 3. VULNERABILITY DESCRIPTION The CMS Made Simple version 2.2.5 in admin/addbookmark.php didn't validate correctly in title parameter, so it can be execute as malicious javascript code. 4. VERSIONS AFFECTED 2.2.5 and can below. 5. PROOF-OF-CONCEPT https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/ [https://kyawminthein901497298.files.wordpress.com/2018/01/stored-xss.png]<https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/> CMS 2.2.5 Stored Cross-Site Scripting<https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/> CVE-2018-5963 CMS Made Simple (CMSMS) 2.2.5 has Stored XSS in admin/addbookmark.php via the title parameter. After this request, website will pop-up The Add Shortcut title field is not properly sa… kyawminthein901497298.wordpress.com 6. IMPACT This occurs when web application fails to sanitize correctly, so malicious attacker can execute javascript code. 7. SOLUTION Should some sanitize every user input field. 8. VENDOR CMS Made Simple version 2.2.5 9. CREDIT This vulnerability was discovered by Kyaw Min Thein, https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/ [https://kyawminthein901497298.files.wordpress.com/2018/01/stored-xss.png]<https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/> CMS 2.2.5 Stored Cross-Site Scripting<https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/> CVE-2018-5963 CMS Made Simple (CMSMS) 2.2.5 has Stored XSS in admin/addbookmark.php via the title parameter. After this request, website will pop-up The Add Shortcut title field is not properly sa… kyawminthein901497298.wordpress.com 10. DISCLOSURE TIME-LINE 1-19-2018 vulnerability reported to vendor 1-21-2018 notified vendor and vendor said they will not give features for using admin permission 1-22-2018 assigned as CVE-2018-5963 by mitre _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CMS Made Simple 2.2.5 [Stored Cross-Site Scripting] Kyaw Min Thein (Jan 23)