oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities

From: Steffen Rösemann <steffen.roesemann1986 () gmail com>
Date: Thu, 8 Jan 2015 21:37:18 +0100
Hi Josh, Steve, vendors, list.

I found multiple stored XSS vulnerabilities in the administrative backend
of CMS BEdita v.3.4.0 (release-date: 9th-May-2014).

The vulnerabilities can be found in the following paths of a common BEdita
installation:

http://{TARGET}/index.php/home/profile (in form with id „editProfile“  via
input field with id „lrealname")

http://{TARGET}/index.php/ (in form with id „addQuickItem“ via input field
with name "data[title]" and name "data[description]")

http://{TARGET}/index.php/areas (in form with id „saveNote“ via input field
with id „note text")

http://{TARGET}/index.php/documents/view (in form with id „updateForm“ via
input field with id „titleBEObject“ and input field with id „tagsArea“)

The vulnerabilities can be exploited by using arbitray HTML- and/or
JavaScriptcode, e.g. <script>alert(document.cookie)</script>.

Could you please assign a CVE-ID for it?

Thank you. Greetings.

Steffen Rösemann

References:

[1] http://www.bedita.com
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html
[3] https://github.com/bedita/bedita/issues/566
[4] http://seclists.org/fulldisclosure/2015/Jan/16
Previous By Date Next
Previous By Thread Next

Current thread: