[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mura CMS Cross-Site Scripting (XSS) Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Mura CMS Cross-Site Scripting (XSS) Vulnerability
From: Leon.Zhao.7@xxxxxxxxx
Date: Wed, 3 May 2017 09:27:40 GMT

Credits
===============
Zhao Liang, Huawei Weiran Labs


Vendor:
===============
Blue River Interactive Group


Product:
========================
Mura CMS

Mura CMS is built with one focused purpose in mind - to make it easier and 
faster for people to build and maintain even the most ambitious websites. 


Vulnerability Type:
================================
XSS


CVE Reference:
==============
CVE-2017-8302


Vulnerability Details:
=====================
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to 
admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, 
admin/core/views/cusers/inc/dsp_nextn.cfm, 
admin/core/views/cusers/inc/dsp_search_form.cfm, 
admin/core/views/cusers/inc/dsp_users_list.cfm, 
admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm.


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Best Regards,
Zhao Liang, Huawei Weiran Labs

Prev by Date: [SECURITY] [DSA 3843-1] tomcat8 security update
Next by Date: Hola VPN v1.34 - Privilege Escalation Vulnerability
Previous by thread: [SECURITY] [DSA 3843-1] tomcat8 security update
Next by thread: Hola VPN v1.34 - Privilege Escalation Vulnerability
Index(es):
- Date
- Thread