exploit the possibilities

CMS Made Simple 2.2.10 Cross Site Scripting

CMS Made Simple 2.2.10 Cross Site Scripting
Posted May 24, 2019
Authored by Manuel Garcia Cardenas

CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-11226
MD5 | 67544830735cd3b80f4bcc531cb9688c

CMS Made Simple 2.2.10 Cross Site Scripting

Change Mirror Download
=============================================
MGC ALERT 2019-002
- Original release date: April 10, 2019
- Last revised: May 22, 2019
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2019-11226
=============================================

I. VULNERABILITY
-------------------------
CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting

II. BACKGROUND
-------------------------
CMS Made Simple (CMSMS) is a free, open source (GPL) content management
system (CMS) to provide developers, programmers and site owners a web-based
development and administration area.

III. DESCRIPTION
-------------------------
Has been detected a Persistent XSS vulnerability in CMS Made Simple, that
allows the execution of arbitrary HTML/script code to be executed in the
context of the victim user's browser.

IV. PROOF OF CONCEPT
-------------------------
Go to: Content -> Content Manager -> News -> Add Article

And post in the m1_title parameter for example
test"><script>alert(1)</script>

The variable "m1_title" it is not sanitized, later, if some user visit the
content in the public area, the XSS is executed, in the response you can
view:

<input type="text" id="fld1" name="m1_title"
value="test"><script>alert(1)</script>

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or Javascript code in a targeted
user's browser, this can leverage to steal sensitive information as user
credentials, personal data, etc.

VI. SYSTEMS AFFECTED
-------------------------
CMS Made Simple <= 2.2.10

VII. SOLUTION
-------------------------
Disable until a fix is available, vendor doesn't accept XSS issues inside
admin panel.

VIII. REFERENCES
-------------------------
https://www.cmsmadesimple.org/

IX. CREDITS
-------------------------
This vulnerability has been discovered and reported
by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com).

X. REVISION HISTORY
-------------------------
April 10, 2019 1: Initial release
May 22, 2019 2: Last revision

XI. DISCLOSURE TIMELINE
-------------------------
April 10, 2019 1: Vulnerability acquired by Manuel Garcia Cardenas
April 10, 2019 2: Send to vendor
April 22, 2019 3: New request, vendor doesn't accept XSS issues inside
admin panel.
May 22, 2019 4: Sent to lists

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.

XIII. ABOUT
-------------------------
Manuel Garcia Cardenas
Pentester


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    14 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close