oss-sec mailing list archives
Re: CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 07 Jan 2013 23:22:25 -0700
On 01/06/2013 07:20 AM, Henri Salo wrote:
> Havalite CMS has a stored XSS vulnerability in comments of blog posts.
>
> Example: POST http://example.com/?p=1 "comment" with value
> %E2%80%9C%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
>
> Tested in 1.1.7 (cbd391e913d04224225cf924a7fcb2b5), which was uploaded 2012-11-07 to sourceforge.net. I tried to contact the vendor without response.
>
> https://sourceforge.net/projects/havalite/files/
>
> Some other notes:
> - CVE-2012-5919 still not fixed in 1.1.7 version
> - CVE-2012-5893 does not work without administrator privileges, but uploaded files are executed (for example PHP)
> - Typos in "readme.html"
> - 777 modes not needed even though it was in several places. 711 is enough for content directories
>
> I recommend not to use this software before these vulnerabilities are fixed.
Please use CVE-2013-0161 for this issue.
> ---
> Henri Salo
> ps. I have regression tests for these issues if someone needs :)
> pss. Please note that havalite.com is not affected by this issue for some reason
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
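A regression check for the stored XSS reported in this thread, as an added example that is not part of either message and is not Havalite's code. The two `render_comment_*` functions are hypothetical stand-ins for a comment template; the encoded value is the one quoted in the report.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# "comment" value quoted in the report (URL-encoded, as posted).
# %E2%80%9C decodes to U+201C, a curly quote, followed by "><script>...".
REPORTED_COMMENT = "%E2%80%9C%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E"


class ScriptFinder(HTMLParser):
    """Records <script> elements and on* event attributes the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.active = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.active.append("<script>")
        self.active += [f"{tag}@{name}" for name, _ in attrs if name.startswith("on")]


def render_comment_unescaped(comment):
    # Hypothetical template: the stored value is placed into the page as-is.
    return f'<div class="comment">{comment}</div>'


def render_comment_escaped(comment):
    # Same template with output encoding applied when the comment is rendered.
    return f'<div class="comment">{escape(comment, quote=True)}</div>'


def active_content(html):
    """Parse rendered HTML and list anything that would execute script."""
    finder = ScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.active


def regression_check(render):
    """Return True when the rendered stored comment has no active content."""
    stored = unquote(REPORTED_COMMENT)  # the value as the application stores it
    return active_content(render(stored)) == []


if __name__ == "__main__":
    print("unescaped template passes:", regression_check(render_comment_unescaped))
    print("escaped template passes:  ", regression_check(render_comment_escaped))
```

The check parses the rendered page instead of searching for the literal string, so it fails whenever the stored comment yields a live element, whatever the surrounding markup looks like.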
Current thread:
- CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Henri Salo (Jan 06)
- Re: CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts Kurt Seifried (Jan 07)