Sefrengo CMS version 1.6.0 suffers from a cross site scripting vulnerability.
82b880a1d59e56fc12889e13abf84b6cfa6e85f85e486bf1b0a2fcc3729532eb
Advisory: Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0
Advisory ID: SROEADV-2014-06
Author: Steffen Rösemann
Affected Software: CMS Sefrengo v.1.6.0
Vendor URL: https://www.sefrengo.org/
Vendor Status: solved
CVE-ID: -
==========================
Vulnerability Description:
==========================
The CMS Sefrengo v. 1.6.0 contains a reflecting XSS vulnerability in its
administrative backend.
==================
Technical Details:
==================
The CMS Sefrengo v.1.6.0 contains a reflecting XSS vulnerability in its
administrative backend, which resides in the main.php file:
https://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=&page=1
Via the parameter "searchterm", an attacker is able to craft a link with
arbitrary HTML- and/or JavaScript-code which gets executed, if clicked on.
Exploit-Example:
https://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=<script>alert(document.cookie)</script><!--&page=1
=========
Solution:
=========
Update to the latest version.
====================
Disclosure Timeline:
====================
28-Dec-2014 – found the vulnerability
28-Dec-2014 - informed the developers
28-Dec-2014 – release date of this security advisory [without technical
details]
04-Jan-2015 - patch by vendor
04-Jan-2015 - release date of this security advisory
04-Jan-2015 - post to lists
========
Credits:
========
Vulnerability found and advisory written by Steffen Rösemann.
===========
References:
===========
https://www.sefrengo.org/
https://sroesemann.blogspot.de