what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ExpressionEngine Cross Site Scripting

ExpressionEngine Cross Site Scripting
Posted Mar 24, 2009
Authored by Adam Baldwin

ExpressionEngine versions 1.6.4 through 1.6.6 suffer form a persistent cross site scripting vulnerability. Earlier versions may also be susceptible.

tags | exploit, xss
SHA-256 | a1288027aa737de31887b7c6d39c9f16bbab3e7da1af5f62f00119e0eda3480b
Download | Favorite | View

ExpressionEngine Cross Site Scripting

Change Mirror Download
nGenuity Information Services - Security Advisory

   Advisory ID: NGENUITY-2009-003 - ExpressionEngine Persistent Cross-Site Scripting
   Application: ExpressionEngine (1.6.4 (possibly earlier)-1.6.6)
        Vendor: EllisLab, INC
Vendor website: http://www.expressionengine.com <http://www.transparent-tech.com/>
        Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)

  I. BACKGROUND
     "ExpressionEngine is a flexible, feature-rich content management system
that empowers thousands of individuals, organizations, and companies
around the world to easily manage their website." [1] 

 II. DETAILS
     While setting a display avatar in the user control panel, avatar names
are not validated for invalid input. User input is then rendered, unaltered
into any browser that displays that members avatar.

Here is an example of an avatar name that will display an alert to any visitor
that views the users profile.

          chococat.gif"><script>alert('XSS')</script><div "a

III. REFERENCES
     [1] - http://expressionengine.com/

 IV. VENDOR COMMUNICATION
     1.17.2009 - Vendor Notified
     1.18.2009 - Initial vendor communication (details requested)
     1.18.2009 - Steps to reproduce provided to vendor
     1.21.2009 - Vendor response with public update "shortly"
     1.22.2009 - Vendor releases 1.6.7 which addresses this vulnerability

Copyright (c) 2008 nGenuity Information Services, LLC
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close