Full Disclosure mailing list archives

Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities


From: CSW Research Lab <disclose () cybersecurityworks com>
Date: Sat, 12 Dec 2015 20:25:10 +0530

================================================================
Symphony 2.6.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities
================================================================

Information
**********************

Vulnerability Type : Multiple Persistent Cross Site Scripting Vulnerabilities
Vulnerable Version : 2.6.3
Severity: Medium
Author – Arjun Basnet
CVE-ID: N/A
Homepage: http://www.getsymphony.com/

Description
***********************

Bedita is prone to multiple persistent cross-site scripting
vulnerabilities because it fails to sanitize user-supplied input. An
attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user of the affected site.

Proof of Concept URL
***************************

[+] http://localhost/symphony/symphony/system/preferences/success/

Affected Area
*****************

[+] http://localhost/symphony/symphony/system/preferences/

Payload
=======================

"><script>alert(1);</script>

Advisory Information:
================================================
Symphony CMS XSS Vulnerability


Severity Level:
=========================================================
High

Description:
==========================================================

Vulnerable Product
*************************

[+] Symphony 2.6.3

Vulnerable Parameter(s)
******************************
email_sendmail[from_name]
email_sendmail[from_address]
email_smtp[from_name]
email_smtp[from_address]
email_smtp[host]
email_smtp[port]
it_image_manipulation[trusted_external_sites]
maintenance_mode[ip_whitelist]


Advisory Timeline
************************

03-Nov-2015 - Reported
05-Nov-2015 - Vendor Response
10-Dec-2015 - Vendor Released Fixed version
12-Dec-2015 - Publicly disclosed

Fixed Version:
*****************

[+] Symphony 2.6.4 (http://www.getsymphony.com/download/)


Reference
*****************

[+] https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)


Credits & Authors
************************
Arjun Basnet from Cyber Security Works Pvt. Ltd. (http://cybersecurityworks.com)

-- 
----------
Cheers !!!

Team CSW Research Lab <http://www.cybersecurityworks.com>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
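
Added example (not part of the advisory and not Symphony's code): one way to handle the listed preference parameters defensively, validating the fields that have a known shape on input and encoding every stored value on output. It assumes PHP 7.4 or later, that each value is written back into an input's value attribute, and field types guessed from the parameter names.

```php
<?php
// Added example, not Symphony's code. Field names come from the advisory's
// parameter list; the type of each field is an assumption made from its name.

// Validators for fields with a known shape. Free-text fields (from_name,
// trusted_external_sites) get no validator and rely on output encoding alone.
function preference_validators(): array
{
    $email = fn(string $v): bool => filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
    $host  = fn(string $v): bool => filter_var($v, FILTER_VALIDATE_IP) !== false
        || filter_var($v, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    $port  = fn(string $v): bool => filter_var($v, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]) !== false;
    $ips   = function (string $v): bool {
        foreach (preg_split('/[\s,]+/', $v, -1, PREG_SPLIT_NO_EMPTY) as $ip) {
            if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
                return false;
            }
        }
        return true;
    };
    return [
        'email_sendmail[from_address]'   => $email,
        'email_smtp[from_address]'       => $email,
        'email_smtp[host]'               => $host,
        'email_smtp[port]'               => $port,
        'maintenance_mode[ip_whitelist]' => $ips,
    ];
}

// Encode for HTML attribute context every time a stored value is written out.
function render_input(string $name, string $value): string
{
    $enc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '" />';
}

// Constructed submission: the advisory's payload in a typed and a free-text field.
$payload   = '"><script>alert(1);</script>';
$submitted = [
    'email_smtp[port]'      => $payload,
    'email_smtp[host]'      => 'mail.example.org',
    'email_smtp[from_name]' => $payload,
];
$validators = preference_validators();
foreach ($submitted as $name => $value) {
    $ok = !isset($validators[$name]) || $validators[$name]($value);
    echo $ok ? 'store : ' . render_input($name, $value) : 'reject: ' . $name, "\n";
}
```

The typed field rejects the payload outright, while the free-text field stores it and renders it with the quote and angle brackets encoded, so it stays inside the attribute value.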
