oss-sec mailing list archives
CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts
From: Henri Salo <henri () nerv fi>
Date: Sun, 6 Jan 2013 16:20:30 +0200
Havalite CMS has a stored XSS vulnerability in comments of blog posts.

Example: POST http://example.com/?p=1 "comment" with value
%E2%80%9C%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E

Tested in 1.1.7 (cbd391e913d04224225cf924a7fcb2b5), which was uploaded 2012-11-07 to sourceforge.net. I tried to contact the vendor without response.

https://sourceforge.net/projects/havalite/files/

Some other notes:
- CVE-2012-5919 still not fixed in 1.1.7 version
- CVE-2012-5893 does not work without administrator privileges, but uploaded files are executed (for example PHP)
- Typos in "readme.html"
- 777 modes not needed even though it was in several places. 711 is enough for content directories

I recommend not using this software before these vulnerabilities are fixed.

---
Henri Salo

ps. I have regression tests for these issues if someone needs :)
pss. Please note that havalite.com is not affected by this issue for some reason
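
A regression check for the comment issue reported above, as an added example that is not part of the original message and not Havalite code: it decodes the reported "comment" value and tests whether a rendering function lets it through as a live script element. The two render_* functions are hypothetical stand-ins for a comment template; the element and attribute lists are assumptions of this sketch.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# Form-encoded "comment" value exactly as given in the report.
REPORTED_VALUE = "%E2%80%9C%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E"

def render_unescaped(comment):
    # Hypothetical template that echoes the stored comment verbatim,
    # modelling the behaviour the report describes.
    return '<div class="comment"><p>' + comment + "</p></div>"

def render_escaped(comment):
    # Same hypothetical template with HTML output encoding applied.
    return '<div class="comment"><p>' + escape(comment, quote=True) + "</p></div>"

class ActiveContentFinder(HTMLParser):
    """Records markup that a browser would execute or load as active content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append("<%s>" % tag)
        for name, value in attrs:
            target = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append("%s handler on <%s>" % (name, tag))
            elif name in ("href", "src") and target.startswith("javascript:"):
                self.findings.append("javascript: URL on <%s>" % tag)

def active_content(page_html):
    finder = ActiveContentFinder()
    finder.feed(page_html)
    finder.close()
    return finder.findings

def check_comment_rendering(render):
    # The templates above contain no active markup of their own, so any
    # finding must come from the comment. On a real page, compare against
    # the findings for the same page rendered with a harmless comment.
    return active_content(render(unquote(REPORTED_VALUE)))

if __name__ == "__main__":
    print("decoded value:", unquote(REPORTED_VALUE))
    print("unescaped template:", check_comment_rendering(render_unescaped))
    print("escaped template:  ", check_comment_rendering(render_escaped))
```

A non-empty findings list for a page that shows the stored comment means the value reached the browser as markup rather than text.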