Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29354
HistoryMay 06, 2013 - 12:00 a.m.

TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2

2013-05-0600:00:00
vulners.com
40
JSON

TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability
in e107 CMS v1.0.2

Published: 2013/04/03
Version 1.0

Affected Products:
e107 version 1.0.2 (others not tested)
http://www.e107.org

References:
TC-SA-2013-01 www.tele-consulting.com/advisories/TC-SA-2013-01.txt
(used for updates)
CVE-2013-2750 - Reflected Cross-Site-Scripting (XSS) vulnerability
in e107 CMS v1.0.2

Summary:
"e107 is a free (open-source) content management system allowing
you to easily manage and publish your content. Developers can
save time in building websites and powerful online applications.
Users can avoid programming completely!" (www.e107.org)
The content_preset.php Script in e107 CMS is vulnerable to
reflected Cross-Site-Scripting (XSS) attacks. Malicious code is
not sanitized when using "%00" in conjuction with "%0d%0a"
within GET-Parameter.

Effect:
Under certain circumstances it is possible that attackers may
inject arbitrary script code e. g. to steal authentication data.

Vulnerable Scripts:
/e107_plugins/content/handlers/content_preset.php

Examples:
http://[host]/e107_plugins/content/handlers/content_preset.php?
%3c%00script%0d%0a>alert('reflexted%20XSS')</script>

Possible Solutions:
Use e107 v1.0.3 (contains updated content_preset.php)

Affected products:
e107 1.0.2 (older releases have not been tested)

Disclosure Timeline:
2013/02/18 vendor contacted via email
2013/02/18 initial response
2013/03/04 proposed fix by vendor
2013/03/08 second proposed fix by vendor
2013/03/13 fix confirmed
2013/03/14 vendor released update 1.0.3
2013/04/03 Public disclosure

Credits
Simon Bieber ([email protected])
Tele-Consulting security networking training GmbH
www.tele-consulting.com

Disclaimer:
All information is provided without warranty. The intent is to
provide information to secure infrastructure and/or systems, not
to be able to attack or damage. Therefore Tele-Consulting shall
not be liable for any direct or indirect damages that might be
caused by using this information.

Related

seebug 1
nessus 1
packetstorm 1
openvas 1
prion 1
cve 1
securityvulns 1
seebug
seebug
e107 'content_preset.php'跨站脚本漏洞(CVE-2013-2750)
2013-04-08 00:00:00
nessus
nessus
e107 content_preset.php URI XSS
2013-05-13 00:00:00
packetstorm
packetstorm
e107 CMS 1.0.2 Cross Site Scripting
2013-04-03 00:00:00
openvas
openvas
e107 query Cross Site Scripting Vulnerability
2014-01-28 00:00:00
prion
prion
Cross site scripting
2014-01-22 19:55:00
cve
cve
CVE-2013-2750
2014-01-22 19:55:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-05-06 00:00:00
JSON
Related for SECURITYVULNS:DOC:29354
seebug1nessus1packetstorm1openvas1prion1cve1securityvulns1