Exponent CMS 2.3.5 - File Upload Cross Site Scripting Vulnerability
Reported by Sachin Wagh | December 25th, 2015 @ 08:25 PM | in 2.3.7 (closed)
Information
Vulnerability Type : Exponent CMS 2.3.5 - File Upload Cross Site Scripting Vulnerability
Vulnerable Version : 2.3.5
CVE-ID :
Severity: High
Author – Sachin Wagh (@tiger_tigerboy)
Description
Exponent CMS is prone to a file upload cross-site scripting vulnerability because it fails to sanitize user-supplied input. It is possible to make an Exponent CMS vulnerable to XSS if you can upload/include an HTML file into the file manager.
Please find attached POC for more detail.
Reference :
https://www.owasp.org/index.php/Testing_for_Stored_Cross_site_scrip...
Credits & Authors
Sachin Wagh (@tiger_tigerboy)
Comments and changes to this ticket
-
Sachin Wagh December 26th, 2015 @ 05:54 PM
Thanks dleffler.
Once you get the CVE-ID, please update me accordingly.
Thanks.
-
expNinja December 26th, 2015 @ 05:56 PM
- State changed from new to resolved
(from [148790795acba350fc42bd236b7f0da4a6e0e10e]) Fix security issue by strengthening the server security parameters in folders receiving uploads and tighten elFinder security by not allowing any files to be opened (only folders)... you'll need to use the 'preview' or 'edit' commands or click on the link in the 'info' dialog which will enforce the server security settings. [#1323 state:resolved] https://github.com/exponentcms/exponent-cms/commit/148790795acba350...
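An added example, not part of the ticket and not code from the Exponent CMS commit: one way a PHP handler can serve files from an upload folder so that an uploaded HTML or SVG file is downloaded rather than rendered in the site's origin. The function names, the extension allowlist and the sample file names are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Extensions served inline with a fixed, non-scriptable type (assumed allowlist).
// Anything else, including .html, .htm and .svg, is sent as a download.
const INLINE_SAFE = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'txt'  => 'text/plain; charset=utf-8',
];

/** Build the response headers for one stored upload. */
function upload_headers(string $storedName): array
{
    $name   = basename($storedName);
    $ext    = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $inline = array_key_exists($ext, INLINE_SAFE);
    // Keep the header value free of quotes, CR/LF and non-ASCII bytes.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);

    return [
        'Content-Type'            => $inline ? INLINE_SAFE[$ext] : 'application/octet-stream',
        'Content-Disposition'     => ($inline ? 'inline' : 'attachment') . '; filename="' . $safeName . '"',
        'X-Content-Type-Options'  => 'nosniff',                    // no MIME sniffing to text/html
        'Content-Security-Policy' => "sandbox; default-src 'none'", // no script even if rendered
    ];
}

/** Stream a file from the upload directory with those headers. */
function serve_upload(string $uploadDir, string $storedName): void
{
    $base = realpath($uploadDir);
    $path = realpath($uploadDir . DIRECTORY_SEPARATOR . basename($storedName));
    $prefix = $base === false ? '' : $base . DIRECTORY_SEPARATOR;
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        http_response_code(404);
        return;
    }
    foreach (upload_headers($storedName) as $header => $value) {
        header($header . ': ' . $value);
    }
    readfile($path);
}

// Constructed sample names: the .html, .svg and .HTM uploads come back as attachments.
foreach (['logo.png', 'poc.html', 'chart.svg', 'notes.HTM'] as $sample) {
    echo $sample, ' => ', upload_headers($sample)['Content-Disposition'], PHP_EOL;
}
```

This only helps if the upload folder is not also reachable directly through the web server, which is the part the commit message describes as strengthening the server security parameters for those folders.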
Bug Tracker for Exponent CMS