|
Message-ID: <CALH-=7yEwd2M_TN39H=9SvgkaCtESuHGdb1fQ8OubJdW9YHnZA@mail.gmail.com> Date: Mon, 12 Jan 2015 15:42:58 +0100 From: Steffen Rösemann <steffen.roesemann1986@...il.com> To: oss-security@...ts.openwall.com Subject: CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive) Hi Josh, Steve, vendors, list. I found a reflecting XSS vulnerability in the poll archive of the administrative backend of CMS PHPKit WCMS v.1.6.6 [Build: 1660014]. It is located here on a common PHPKit WCMS installation: http://{TARGET}/upload_files/pk/include.php?path=pollarchive&result=1 The parameter "result" is vulnerable by appending arbitrary HTML- and/or JavaScriptcode to it. Example: http:// {TARGET}/upload_files/pk/include.php?path=pollarchive&result=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C!-- Could you please assign a CVE-ID for it? Thank you! Steffen Rösemann References: [1] http://www.phpkit.com/de/ [2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-07.html [3] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-07.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.