oss-sec mailing list archives
CVE Request - BigTree CMS - Stored XSS while creating a new user
From: Anirudh Anand <anirudhanand722 () gmail com>
Date: Fri, 26 Jun 2015 22:30:46 +0530
Hello all,

BigTree CMS is a popular Content Management System written in PHP. While creating a new user, the "*Name*" and "*Company*" parameters are not properly sanitized and it leads to stored XSS.

*Date:* 25th June, 2015
*Exploit Author:* Anirudh Anand
*Vendor Homepage:* https://www.bigtreecms.org/
*Software Link:* https://www.bigtreecms.org/download/
*Version:* < 4.2.2
*Tested on:* Linux:- Ubuntu, Debian

The issue has been successfully reported to vendor and they have released an update for the same.

*References:*
*Bug Report:* https://github.com/bigtreecms/BigTree-CMS/issues/205
*Fix Released:* https://github.com/bigtreecms/BigTree-CMS/commit/e13aa4795cdeb1ab1dc0f5fd0b66df2d1296591d

--
Anirudh Anand
bi0s@AMRITA
www.securethelock.com
*"Those who Say it cannot be done, should not interrupt the people doing it"*