[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reflected Cross-Site Scripting (XSS) in BlackCat CMS
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Reflected Cross-Site Scripting (XSS) in BlackCat CMS
- From: High-Tech Bridge Security Research <advisory@xxxxxxxxxxxx>
- Date: Wed, 3 Sep 2014 13:43:33 +0200 (CEST)
Advisory ID: HTB23228
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.0.3 and probably prior
Tested Version: 1.0.3
Advisory Publication: August 13, 2014 [without technical details]
Vendor Notification: August 13, 2014
Vendor Patch: August 13, 2014
Public Disclosure: September 3, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5259
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab (
https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in BlackCat
CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
1) Reflected Cross-Site Scripting (XSS) in BlackCat CMS: CVE-2014-5259
The vulnerability exists due to insufficient sanitization of the "msg" HTTP GET
parameter passed to "/modules/lib_jquery/plugins/cattranslate/cattranslate.php"
script. A remote attacker can trick a logged-in user to open a specially
crafted link and execute arbitrary HTML and script code in browser in context
of the vulnerable website. Successful exploitation of the vulnerability may
allow an attacker to steal sensitive information, alter website pages and
perform phishing attacks.
The exploitation example below uses the "alert()" JavaScript function to
display "immuniweb" word:
http://[host]/modules/lib_jquery/plugins/cattranslate/cattranslate.php?msg=%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E
-----------------------------------------------------------------------------------------------
Solution:
Apply vendor's patch:
http://forum.blackcat-cms.org/viewtopic.php?f=2&t=263
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23228 -
https://www.htbridge.com/advisory/HTB23228 - Reflected Cross-Site Scripting
(XSS) in BlackCat CMS.
[2] BlackCat CMS - http://blackcat-cms.org/ - BlackCat CMS ist ein einfach zu
bedienendes, übersichtliches und vielseitig einsetzbares Content Management
System.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ -
international in scope and free for public use, CVE® is a dictionary of
publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to
developers and security practitioners, CWE is a formal list of software
weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual
web application penetration test and cutting-edge vulnerability scanner
available online via a Software-as-a-Service (SaaS) model.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and
without any warranty of any kind. Details of this Advisory may be updated in
order to provide as accurate information as possible. The latest version of the
Advisory is available on web page [1] in the References.