oss-sec mailing list archives
CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in the administrative backend
From: Steffen Rösemann <steffen.roesemann1986 () gmail com>
Date: Mon, 12 Jan 2015 15:48:12 +0100
Hi Josh, Steve, vendors, list.

I found a reflecting XSS vulnerability in the filemanager of the CMS Croogo v. 2.2.0. The filemanager is located here in a common Croogo installation:

http://{TARGET}/admin/file_manager/file_manager/editfile?path=%2FApplications%2FXAMPP%2Fxamppfiles%2Fhtdocs%2Fcroogo-2.2.0%2Fpackage.json

By appending arbitrary HTML and/or JavaScript code to names of existing files, the XSS gets executed. However, it does not work by appending the code to names of directories.

Example:

http://{TARGET}/admin/file_manager/file_manager/editfile?path=%2FApplications%2FXAMPP%2Fxamppfiles%2Fhtdocs%2Fcroogo-2.2.0%2Fpackage.json<script>alert("XSS in filemanager functionality of CMS Croogo 2.2.0")</script><!--

Could you please assign a CVE-ID for that issue?

Thank you!

Greetings

Steffen Rösemann

References:
[1] https://croogo.org/
[2] http://sroesemann.blogspot.de/2015/01/sroeadv-2015-02.html
[3] https://github.com/croogo/croogo/issues/599
[4] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-02.html
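The bug class described in the report is a file name taken from the `path` query parameter and echoed into the edit page without HTML escaping. The following Python is an added example, not code from the report or from Croogo: it models a hypothetical minimal `editfile` page in its vulnerable form and in a hardened form, builds a probe URL of the same shape as the one in the report (markup appended to an existing file name, closed with an HTML comment opener), and runs the check a tester would run against a real response, namely whether the probe comes back verbatim. The target host `example.test`, the renderer functions and the page markup are assumptions; only the URL layout and the file name are taken from the report. The report's observation that directory names are not affected is not modelled here.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed probe mirroring the shape of the report's payload: markup appended to an
# existing file name, ending with "<!--" so that whatever the page emits after the
# reflection is swallowed by the comment.
PROBE = '<script>alert("XSS")</script><!--'
# File name from the report (a stock Croogo 2.2.0 install under XAMPP).
FILE_NAME = "/Applications/XAMPP/xamppfiles/htdocs/croogo-2.2.0/package.json"


def build_editfile_url(target, path):
    """Build the editfile URL with the same endpoint layout as the report.
    The path is percent-encoded in full, as a browser would send it."""
    return (f"http://{target}/admin/file_manager/file_manager/editfile"
            f"?path={quote(path, safe='')}")


def path_param(url):
    """Extract and decode the `path` query parameter as server-side code would see it."""
    return parse_qs(urlsplit(url).query).get("path", [""])[0]


def render_editfile_vulnerable(path):
    """Hypothetical page (not Croogo's code): the requested path is interpolated
    into HTML unescaped, which is the class of bug the report describes."""
    return ("<h1>File Manager</h1>\n"
            f"<h2>Editing: {path}</h2>\n"
            '<textarea name="content"></textarea>\n')


def render_editfile_fixed(path):
    """Same page with the one change that closes the hole: escape the
    attacker-controlled value at the point where it is emitted into HTML."""
    return ("<h1>File Manager</h1>\n"
            f"<h2>Editing: {html.escape(path, quote=True)}</h2>\n"
            '<textarea name="content"></textarea>\n')


def reflects_unescaped(page, probe):
    """The check to run on a real response: if the probe survives byte-for-byte,
    the browser will parse it as markup instead of showing it as text."""
    return probe in page


def check_endpoint(render, target="example.test", file_name=FILE_NAME, probe=PROBE):
    """Drive one renderer with the probe-bearing URL.
    Returns (url, page, vulnerable)."""
    url = build_editfile_url(target, file_name + probe)
    page = render(path_param(url))
    return url, page, reflects_unescaped(page, probe)


if __name__ == "__main__":
    for name, render in (("vulnerable", render_editfile_vulnerable),
                         ("fixed", render_editfile_fixed)):
        url, page, vulnerable = check_endpoint(render)
        print(f"[{name}] {url}")
        print(f"[{name}] probe reflected unescaped: {vulnerable}")
        print(page)
```

Two caveats when applying this to a real target. The probe check only detects the verbatim case; a page that strips `<script>` but still reflects `"` or `>` unescaped may remain exploitable with a different payload, so also check that those characters come back as `&quot;` and `&gt;`. And `html.escape` is the correct fix only for values emitted into HTML text or a quoted attribute; a value emitted into a JavaScript block or a URL needs that context's encoding instead.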