oss-sec mailing list archives

CVE request: Reflected XSS in OcPortal CMS 9.0.20

From: Dis close <disclose () cybersecurityworks com>
Date: Fri, 13 Nov 2015 12:45:13 +0530

Hello List:

Can a CVE be assigned to the following ?

Details
===========================
Title                              :Reflected cross-site scripting
vulnerability in *OcPortal CMS*
Version                         : 9.0.20
Vendor Homepage         :http://ocportal.com/start.htm
Vulnerability Type          :Reflected cross-site scripting vulnerability
(XSS)
Risk                             :High
Status                          :Fixed

Description
===============================
OcPortal CMS 9.0.20 is prone to a cross-site scripting vulnerability
because it fails to properly sanitize user-supplied input.A value in a
template that is not meant to contain HTML is marked as an escaped value
({VALUE*}). This meant that ‘html entities’ are put in replacement of HTML
control characters.



Vulnerable Parameter
===============================
[*FIELD_NAME*]


Remote Exploitable
===============================
*Yes*

Technical Details
==============================

https://github.com/cybersecurityworks/Disclosed/issues/11




Solution
==============================
Upgrade to latest version 9.0.21
https://ocportal.com/site/sites.htm

OR

Vendor has released patch for this issue, please refer below link
http://ocportal.com/site/news/view/security_issues/security-patch-for-xss.htm?filter=1%2C2%2C3%2C29%2C30



Timeline
==============================
2015-11-06 - First Contact
2015-11-06 - Vendor Response
2015-11-07 - Vendor Fixed
2015-11-13 - Public Disclosure

Credits & Author
==============================
Arjun Basnet from Cyber Security Works Pvt. Ltd (
http://www.cybersecurityworks.com/)

About Cybersecurityworks
==============================
Cybersecurity Works is basically an auditing company passionate working on
findings & reporting security flaws & vulnerabilities on web application
and network. As professionals, we handle each client differently based on
their unique requirements. Visit our website
http://www.cybersecurityworks.com/ for more information.


-- 
----------
Cheers !!!

Team CSW

Current thread:

CVE request: Reflected XSS in OcPortal CMS 9.0.20 Dis close (Nov 13)