oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request - BigTree CMS - Stored XSS while creating a new user

From: Anirudh Anand <anirudhanand722 () gmail com>
Date: Fri, 26 Jun 2015 22:30:46 +0530
Hello all,

BigTree CMS is a popular Content Management System written in PHP. While
creating a new user, the "*Name*" and "*Company*" parameters are not
properly sanitized and it leads to stored XSS.

*Date:* 25th June, 2015

*Exploit Author:* Anirudh Anand

*Vendor Homepage*: https://www.bigtreecms.org/

*Software Link:* https://www.bigtreecms.org/download/

*Version: *< 4.2.2

*Tested on:* Linux:- Ubuntu, Debian


The issue has been successfully reported to vendor and they have released
an update for the same.

*References: *

*Bug Report:* https://github.com/bigtreecms/BigTree-CMS/issues/205

*Fix Released:*
https://github.com/bigtreecms/BigTree-CMS/commit/e13aa4795cdeb1ab1dc0f5fd0b66df2d1296591d

-- 

Anirudh Anand
bi0s@AMRITA
www.securethelock.com

*"Those who Say it cannot be done, should not interrupt the people doing
it"*
Previous By Date Next
Previous By Thread Next

Current thread: