Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
- From: Henri Salo <henri@xxxxxxx>
- Date: Thu, 1 Dec 2011 02:42:59 +0200
On Wed, Jan 12, 2011 at 03:51:15PM -0700, david.kurz@xxxxxxxxxxxxxxxxx wrote:
> [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
>
> Details
> =============
> Product: Contao CMS 2.9.2
> Security-Risk: moderated
> Remote-Exploit: yes
> Vendor-URL: http://www.contao.org/
> Advisory-Status: published
>
> Credits
> =============
> Discovered by: David Vieira-Kurz
>
> Affected Products:
> =============
> Contao CMS 2.9.2
> Prior versions may also be vulnerable
>
> Description
> =============
> "Contao is an open source content management system (CMS) for people who want
> a professional internet presence that is easy to maintain." - from
> www.contao.org
>
> More Details
> =============
> I have discovered some vulnerabilities in Contao CMS 2.9.2, which can be
> exploited by malicious people to conduct persistent cross-site scripting
> attacks. Input passed directly over the "HTTP_X_FORWARDED_FOR" header in
> "/system/libraries/Environment.php" is not properly sanitised before being
> stored and returned to the user out from the
> "/system/modules/comments/Comments.php" file when the user browses the
> "/contao/main.php?do=comments" site. This can be exploited to execute
> arbitrary HTML and script code in a user's browser session in context of an
> affected site.
>
> Solution
> =============
> Update to the patched version 2.9.3.
>
> Timeline
> ================
> 2010-12-24, vendor informed (see ticket 2751)
> 2011-01-01, vendor confirmed the issue
> 2011-01-06, vendor released a patched version (2.9.3)
> 2011-01-12, advisory published
>
> Use of terms
> ================
> Unaltered electronic reproduction of this advisory is permitted. For all
> other reproduction or publication, in printing or otherwise, contact us for
> permission. Use of the advisory constitutes acceptance for use in an "as is"
> condition. All warranties are excluded. In no event shall MajorSecurity be
> liable for any damages whatsoever including direct, indirect, incidental,
> consequential, loss of business profits or special damages, even if
> MajorSecurity has been advised of the possibility of such damages.
CVE-2011-0508
- Henri Salo
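The advisory describes a request header (HTTP_X_FORWARDED_FOR) being stored unvalidated and later rendered in the back end. The following is an added example, not Contao's own code or the advisory's, of the two defensive layers a fix of this kind needs: accept only syntactically valid IP addresses from the header before storing, and HTML-escape the stored value on output. Function names and the sample header values are constructed for illustration.

```php
<?php
// Added example (not Contao's code): validate X-Forwarded-For before storing it,
// and escape whatever is stored before rendering it in the back end.

/**
 * Return the first syntactically valid IP address from an X-Forwarded-For
 * value, or null if none of the comma-separated entries is an IP address.
 * Anything that is not a plain IP (for example a tag) is discarded, so
 * markup never reaches the database in the first place.
 */
function forwardedForIp(?string $header): ?string
{
    if ($header === null || $header === '') {
        return null;
    }
    foreach (explode(',', $header) as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return null;
}

/**
 * Second layer: escape a stored value for inclusion in HTML, so that even a
 * value that slipped past validation is rendered as text, not as markup.
 */
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample header values, including one that carries markup.
$samples = [
    '203.0.113.7',
    '203.0.113.7, 198.51.100.9',
    '<b>not an address</b>, 203.0.113.7',
    'not-an-ip',
];

foreach ($samples as $raw) {
    $ip = forwardedForIp($raw);
    printf("%-40s -> stored: %s\n", $raw, $ip ?? 'NULL (rejected)');
    // Output encoding applied to the raw value shows the second layer alone
    // would also neutralise the markup.
    printf("%-40s -> rendered: %s\n", '', escapeForHtml($raw));
}
```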