oss-sec mailing list archives
CVE request:Exponent CMS 2.3.9 xss vulnerability in worldpay
From: Carl Peng <felixk3y () gmail com>
Date: Wed, 21 Sep 2016 08:09:27 +0800
Hi, I reported the following Cross Site Scripting vulnerability to the ExponentCMS team on Sep 16, 2016: vulnerability: /external/worldpay/callback.php line 7-11: ``` <head> <meta http-equiv="refresh" content="2;url=<?php echo URL_FULL; ?>cart/preprocess?transStatus=<?php echo $_POST["transStatus"]; ?>&transId=<?php echo $_POST["transId"]; ?>"> //xss <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" /> <title></title> </head> ``` "transStatus", "transId" parameters are fail to sufficiently sanitize. Proof of concept: http://www.exponentcms.org/external/worldpay/callback.php And post:transStatus="/><script>alert(/xss/)</script> And Now, Cross Site Scripting vulnerability have been fixed. https://exponentcms.lighthouseapp.com/projects/61783/changesets/5e4b749bff4314f2a22c7afef903c67ccb862caf https://github.com/exponentcms/exponent-cms/commit/5e4b749bff4314f2a22c7afef903c67ccb862caf This issue was reported by Peng Hua of silence.com.cn Inc. and I would like to request a CVE for this issue (if not done so). Thank you. ---------------------------------http://www.silence.com.cn penghua#silence.com.cn PKAV Team
Current thread:
- CVE request:Exponent CMS 2.3.9 xss vulnerability in worldpay Carl Peng (Sep 20)