X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.
c0f412e75d49e1016a81bfc9b778be1b4b23e45e968f63e05b4d8159c3fdf6cc
Product: X3 CMS 0.5.1 & 0.5.1.1
Vendor: X3 CMS
Vulnerable Version(s): 0.5.1 and 0.5.1.1
Tested Version: 0.5.1.1
Vendor Notification: 2 Nov , 2014
Vendor Patch: 7 Nov, 2014
Advisory Publication: 8 Nov, 2014
Public Disclosure: 8 November , 2014
Vulnerability Type: CSRF + Reflected Cross Site Scripting
CVE Reference: Requested
Risk Level: High
Solution Status: Fixed by Vendor
Discovered and Provided By: Narendra Bhati ( https://hacktivity.websecgeeks.com )
Patch - Upgrade to X3 CMS 0.5.2
------------------------------------------------------------------------------------------------------------------------
Reported By - Narendra Bhati ( R00t Sh3ll)
Security Analyst @ Suma Soft Pvt. Ltd. , Pune ( India )IT Risk & Security Management Services , Pune ( India)
Facebook - https://facebook.com/narendradewsoft
twitter - https://www.twitter.com/NarendraBhatiNB
Blog - https://hacktivity.websecgeeks.com
Email - bhati.contact@gmail.com
-------------------------------------------------------------------------------------------------------------------------
Advisory Details:
Narendra Bhati discovered vulnerability in X3 CMS 0.5.2 , which can be exploited to perform Cross-Site Scripting (XSS) attacks Along With CSRF Vulnerability
--------------------------------------------------------------------------------------------------------------------------
1) Cross Site Request Forgery Protection (CSRF)
There was a CSRF vulnerability in the form submission in most controllers used in the admin area. This could be an issue if administrator is logged in to his account
-------------------------------------------------------------------------------------------------------------------------
2) Reflected Cross-Site Scripting (XSS) in MODX Revolution
There was an XSS vulnerability in the search_controller used in the public and private areas.
The exploitation example below uses the <script>alert(1)</script>
Vulnerable Parameter - "search"
------------------------------------------------------------------------------------------------------------------------
Solution:
Upgrade to Upgrade to X3 CMS 0.5.2
More Information:
Public Advisory By Vendor :- https://www.x3cms.net/en/news/article/8bb9a4f84d956653b4daa19ee7c529fa/x3_cms_0.5.2
Public Disclosure With Tecnical Details - https://hacktivity.websecgeeks.com/x3-cms-xss-and-csrf/
-----------------------------------------------------------------------------------------------