[FD] CMS Made Simple 2.2.5 [Stored Cross-Site Scripting]

1.OVERVIEW

CMS Made Simple version 2.2.5 is vulnerable to Stored Cross-Site Scripting.

2. PRODUCT DESCRIPTION

CMS Made Simple is open source CMS for developing website.

3. VULNERABILITY DESCRIPTION

The CMS Made Simple version 2.2.5 in admin/addbookmark.php didn't validate
correctly in title parameter, so it can be execute as malicious javascript code.

4. VERSIONS AFFECTED

2.2.5 and can below.

5. PROOF-OF-CONCEPT

https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/
[https://kyawminthein901497298.files.wordpress.com/2018/01/stored-xss.png]<https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/>

CMS 2.2.5 Stored Cross-Site
Scripting<https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/>
CVE-2018-5963 CMS Made Simple (CMSMS) 2.2.5 has Stored XSS in
admin/addbookmark.php via the title parameter. After this request, website will
pop-up The Add Shortcut title field is not properly sa…
kyawminthein901497298.wordpress.com

6. IMPACT

This occurs when web application fails to sanitize correctly, so malicious
attacker can execute javascript code.

7. SOLUTION

Should some sanitize every user input field.

8. VENDOR

CMS Made Simple version 2.2.5

9. CREDIT

This vulnerability was discovered by Kyaw Min Thein,
https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/
[https://kyawminthein901497298.files.wordpress.com/2018/01/stored-xss.png]<https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins/>

10. DISCLOSURE TIME-LINE

1-19-2018 vulnerability reported to vendor
1-21-2018 notified vendor and vendor said they will not give features for using
admin permission
1-22-2018 assigned as CVE-2018-5963 by mitre

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/