| Titel | Sitemagic CMS v4.4.1 - Multiple Cross-Site-Scripting (XSS) |
|---|
| Beschreibung | It was identified that Sitemagic CMS v4.4.1 was vulnerable to multiple unauthenticated Reflected Cross-Site Scripting.
Reflected Cross-Site Scripting vulnerabilities arise when data from a request is reflected in the immediate response in an unsafe manner. An attacker can exploit this behavior to inject JavaScript code into a specially crafted request. If this request is issued by an application user, the injected JavaScript code will execute in that user's browser in the context of the user's session with the application.
The injected code can carry out a number of malicious functions on the attacker's behalf, including retrieving active session tokens for the application, retrieving browser cache history, recording keystrokes and bypassing other security features such as CSRF protection.
The following URLs showed to be affected and can be used as a PoC:
• /sitemagic/index.php/'-alert(document.cookie)-'a/b/c/
• /sitemagic/upgrade.php?UpgradeMode=%3Cscript%3Ealert(document.cookie)%3C%2fscript%3E
In the first case, the XSS is obtained manipulating the request URL directly, while in the second one, the parameter “UpgradeMode” showed to be insufficiently validated.
The vulnerability was acknowledged by the vendor, that published a patched version (4.4.2). Moreover, the CVE ID: CVE-2019-18219 was assigned to this issue. |
|---|
| Quelle | ⚠️ https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt |
|---|
| Benutzer | Anonymous User |
|---|
| Einreichung | 21.10.2019 16:50 (vor 7 Jahren) |
|---|
| Moderieren | 22.10.2019 09:16 (16 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 144007 [Codemagic Sitemagic CMS 4.4.1 /sitemagic/index.php Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|