Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31173
HistoryOct 14, 2014 - 12:00 a.m.

Vulnerabilities in In-Portal CMS

2014-10-1400:00:00
vulners.com
16
JSON

Hello 3APA3A!

These are Cross-Site Scripting and Brute Force vulnerabilities in In-Portal CMS.

Affected products:

Vulnerable are In-Portal CMS 5.2.0 and previous versions.

In version In-Portal CMS 5.2.1 at 31.08.2014 developers fixed XSS vulnerability after my warning. But didn't fix BF, only gave recommendations about protection against these attacks (it's their solution). They recommend for users of the system to limit access to admin panel by IP.

Affected vendors:

In-Portal
http://in-portal.com

Details:

Cross-Site Scripting (WASC-08):

http://site/admin/index.php?env=-login:m0--1--s-&next_template=%22%3E%3Cbody%20onload=alert(document.cookie)%3E

Brute Force (WASC-11):

http://site/admin/index.php

I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/7276/).

Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON