oss-sec mailing list archives

CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in the administrative backend


From: Steffen Rösemann <steffen.roesemann1986 () gmail com>
Date: Mon, 12 Jan 2015 15:48:12 +0100

Hi Josh, Steve, vendors, list.

I found a reflecting XSS vulnerability in the filemanager of the CMS Croogo
v. 2.2.0.

The filemanager is located here in a common Croogo installation:

http://{TARGET}/admin/file_manager/file_manager/editfile?path=%2FApplications%2FXAMPP%2Fxamppfiles%2Fhtdocs%2Fcroogo-2.2.0%2Fpackage.json

By appending arbitrary HTML and/or JavaScript code to names of existing
files, the XSS gets executed. However, it does not work by appending the
code to names of directories.

Example:

http://{TARGET}/admin/file_manager/file_manager/editfile?path=%2FApplications%2FXAMPP%2Fxamppfiles%2Fhtdocs%2Fcroogo-2.2.0%2Fpackage.json<script>alert("XSS in filemanager functionality of CMS Croogo 2.2.0")</script><!--

Could you please assign a CVE-ID for that issue?

Thank you!

Greetings

Steffen Rösemann

References:

[1] https://croogo.org/
[2] http://sroesemann.blogspot.de/2015/01/sroeadv-2015-02.html
[3] https://github.com/croogo/croogo/issues/599
[4] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-02.html
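
A log-side check for the request pattern reported above, added here as an example and not part of the original post or of Croogo's code: it scans access-log request lines for the `editfile` endpoint and flags a `path` parameter that carries markup characters after URL decoding, including double-encoded values. The log format, the function names and the sample lines (with their `/var/www/croogo` paths) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint named in the report; everything else here is illustrative.
EDITFILE = "/admin/file_manager/file_manager/editfile"
# Request portion of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters needed to open a tag or break out of an attribute; rare in real file paths.
MARKUP_RE = re.compile(r'[<>"]')

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 - - [12/Jan/2015:15:00:01 +0100] "GET /admin/file_manager/file_manager/editfile?path=%2Fvar%2Fwww%2Fcroogo%2Fpackage.json HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Jan/2015:15:00:07 +0100] "GET /admin/file_manager/file_manager/editfile?path=%2Fvar%2Fwww%2Fcroogo%2Fpackage.json%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5260',
    '203.0.113.9 - - [12/Jan/2015:15:00:09 +0100] "GET /admin/file_manager/file_manager/editfile?path=%2Fvar%2Fwww%2Fcroogo%2Fpackage.json%253Cb%253E HTTP/1.1" 200 5200',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_path(target):
    """Return the decoded path value if it carries markup, else None."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != EDITFILE:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None


def scan(lines):
    """Yield (line_number, decoded_path) for each flagged log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hit = suspicious_path(match.group(1))
            if hit is not None:
                yield number, hit
```
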
