exploit the possibilities

CMS Made Simple 2.2.10 Cross Site Scripting

CMS Made Simple 2.2.10 Cross Site Scripting
Posted May 24, 2019
Authored by Manuel Garcia Cardenas

CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-11226
MD5 | 67544830735cd3b80f4bcc531cb9688c

CMS Made Simple 2.2.10 Cross Site Scripting

Change Mirror Download
=============================================
MGC ALERT 2019-002
- Original release date: April 10, 2019
- Last revised: May 22, 2019
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2019-11226
=============================================

I. VULNERABILITY
-------------------------
CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting

II. BACKGROUND
-------------------------
CMS Made Simple (CMSMS) is a free, open source (GPL) content management
system (CMS) to provide developers, programmers and site owners a web-based
development and administration area.

III. DESCRIPTION
-------------------------
Has been detected a Persistent XSS vulnerability in CMS Made Simple, that
allows the execution of arbitrary HTML/script code to be executed in the
context of the victim user's browser.

IV. PROOF OF CONCEPT
-------------------------
Go to: Content -> Content Manager -> News -> Add Article

And post in the m1_title parameter for example
test"><script>alert(1)</script>

The variable "m1_title" it is not sanitized, later, if some user visit the
content in the public area, the XSS is executed, in the response you can
view:

<input type="text" id="fld1" name="m1_title"
value="test"><script>alert(1)</script>

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or Javascript code in a targeted
user's browser, this can leverage to steal sensitive information as user
credentials, personal data, etc.

VI. SYSTEMS AFFECTED
-------------------------
CMS Made Simple <= 2.2.10

VII. SOLUTION
-------------------------
Disable until a fix is available, vendor doesn't accept XSS issues inside
admin panel.

VIII. REFERENCES
-------------------------
https://www.cmsmadesimple.org/

IX. CREDITS
-------------------------
This vulnerability has been discovered and reported
by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com).

X. REVISION HISTORY
-------------------------
April 10, 2019 1: Initial release
May 22, 2019 2: Last revision

XI. DISCLOSURE TIMELINE
-------------------------
April 10, 2019 1: Vulnerability acquired by Manuel Garcia Cardenas
April 10, 2019 2: Send to vendor
April 22, 2019 3: New request, vendor doesn't accept XSS issues inside
admin panel.
May 22, 2019 4: Sent to lists

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.

XIII. ABOUT
-------------------------
Manuel Garcia Cardenas
Pentester


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close