| Title | Sitemagic CMS v4.4.1 - Multiple Cross-Site-Scripting (XSS) |
|---|
| Description | It was identified that Sitemagic CMS v4.4.1 was vulnerable to multiple unauthenticated Reflected Cross-Site Scripting.
Reflected Cross-Site Scripting vulnerabilities arise when data from a request is reflected in the immediate response in an unsafe manner. An attacker can exploit this behavior to inject JavaScript code into a specially crafted request. If this request is issued by an application user, the injected JavaScript code will execute in that user's browser in the context of the user's session with the application.
The injected code can carry out a number of malicious functions on the attacker's behalf, including retrieving active session tokens for the application, retrieving browser cache history, recording keystrokes and bypassing other security features such as CSRF protection.
The following URLs showed to be affected and can be used as a PoC:
• /sitemagic/index.php/'-alert(document.cookie)-'a/b/c/
• /sitemagic/upgrade.php?UpgradeMode=%3Cscript%3Ealert(document.cookie)%3C%2fscript%3E
In the first case, the XSS is obtained manipulating the request URL directly, while in the second one, the parameter “UpgradeMode” showed to be insufficiently validated.
The vulnerability was acknowledged by the vendor, that published a patched version (4.4.2). Moreover, the CVE ID: CVE-2019-18219 was assigned to this issue. |
|---|
| Source | ⚠️ https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt |
|---|
| Submission | 2019-10-21 16時50分 (5 years ago) |
|---|
| Moderation | 2019-10-22 09時16分 (16 hours later) |
|---|
| Status | 已接受 |
|---|
| VulDB Entry | 144007 |
|---|