oss-sec mailing list archives

Re: CVE request: Havalite CMS 1.1.7 stored XSS vulnerability in comments of blog posts


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 07 Jan 2013 23:22:25 -0700


On 01/06/2013 07:20 AM, Henri Salo wrote:
> Havalite CMS has a stored XSS vulnerability in comments of blog
> posts. Example:
>
> POST http://example.com/?p=1 "comment" with value
> %E2%80%9C%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
>
> Tested in 1.1.7 (cbd391e913d04224225cf924a7fcb2b5), which was
> uploaded 2012-11-07 to sourceforge.net. I tried to contact the vendor
> without response.
>
> https://sourceforge.net/projects/havalite/files/
>
> Some other notes:
> - CVE-2012-5919 is still not fixed in version 1.1.7
> - CVE-2012-5893 does not work without administrator privileges, but
>   uploaded files are executed (for example PHP)
> - Typos in "readme.html"
> - 777 modes are not needed even though they were used in several
>   places. 711 is enough for content directories
>
> I recommend not to use this software before these vulnerabilities
> are fixed.

Please use CVE-2013-0161 for this issue.

> ---
> Henri Salo
>
> ps. I have regression tests for these issues if someone needs :)
> pss. Please note that havalite.com is not affected by this issue for
> some reason

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

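The stored XSS Henri reports comes down to one rendering step: the comment body is stored as submitted and later concatenated into the page without output encoding. The Python below is an added example for this thread, not Havalite code and not Henri's regression tests. It decodes the exact URL-encoded payload from the report, renders it through a hypothetical comment template (the real Havalite template is not shown here, so the `<div class="comment">` wrapper is an assumption), and contrasts the raw concatenation with `html.escape`-based encoding. The last function is the kind of check a regression test for this fix would make: the stored comment must not reach the page with its `<`, `>` or `"` characters intact.

```python
from html import escape
from urllib.parse import unquote
import re

# The comment body exactly as posted in the report (URL-encoded form).
ENCODED_PAYLOAD = "%E2%80%9C%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E"

# Any "<script" opening tag, case-insensitive, tolerating whitespace after "<".
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def decode_comment(encoded: str) -> str:
    """Decode the form-submitted comment the way the server sees it (UTF-8)."""
    return unquote(encoded)


def render_unsafe(comment: str) -> str:
    """Hypothetical template that concatenates the stored comment verbatim.

    This models the defect class described in the report; the wrapper
    markup is constructed for the example and is not Havalite's template.
    """
    return f'<div class="comment">{comment}</div>'


def render_safe(comment: str) -> str:
    """Same template with context-appropriate output encoding.

    quote=True also encodes " and ' so the value stays inert even if a
    template later places it inside an attribute.
    """
    return f'<div class="comment">{escape(comment, quote=True)}</div>'


def contains_script_tag(html: str) -> bool:
    """Detection helper: does the rendered page contain a live <script> tag?"""
    return SCRIPT_TAG.search(html) is not None


def comment_is_encoded(page_html: str, raw_comment: str) -> bool:
    """Regression check: a comment containing HTML metacharacters must only
    appear in the page in its encoded form, never verbatim."""
    if not any(ch in raw_comment for ch in '<>"'):
        return True  # nothing to encode, nothing to check
    return raw_comment not in page_html and escape(raw_comment, quote=True) in page_html


def demo() -> dict:
    """Run the payload through both renderers and report what a tester would see."""
    comment = decode_comment(ENCODED_PAYLOAD)
    unsafe = render_unsafe(comment)
    safe = render_safe(comment)
    return {
        "decoded_comment": comment,
        "unsafe_has_script": contains_script_tag(unsafe),
        "safe_has_script": contains_script_tag(safe),
        "unsafe_passes_regression": comment_is_encoded(unsafe, comment),
        "safe_passes_regression": comment_is_encoded(safe, comment),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The leading `%E2%80%9C` decodes to a typographic left double quote (U+201C), which `html.escape` leaves alone because it has no HTML meaning; the `>` and `<` that actually break out of the template are the characters that get encoded, which is why the encoded rendering no longer matches the `<script` detector.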

