Advisory: Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0
Advisory ID: SROEADV-2014-06
Author: Steffen Rösemann
Affected Software: CMS Sefrengo v.1.6.0
Vendor URL: http://www.sefrengo.org/
Vendor Status: solved
CVE-ID: -

==========================
Vulnerability Description:
==========================

The CMS Sefrengo v. 1.6.0 contains a reflecting XSS vulnerability in its
administrative backend.

==================
Technical Details:
==================

The CMS Sefrengo v.1.6.0 contains a reflecting XSS vulnerability in its
administrative backend, which resides in the main.php file:

http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=&page=1


Via the parameter "searchterm", an attacker is able to craft a link with
arbitrary HTML- and/or JavaScript-code which gets executed, if clicked on.

Exploit-Example:

http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=<script>alert(document.cookie)</script><!--&page=1



=========
Solution:
=========

Update to the latest version.


====================
Disclosure Timeline:
====================
28-Dec-2014 – found the vulnerability
28-Dec-2014 - informed the developers
28-Dec-2014 – release date of this security advisory [without technical
details]
04-Jan-2015 - patch by vendor
04-Jan-2015 - release date of this security advisory
04-Jan-2015 - post to lists


========
Credits:
========

Vulnerability found and advisory written by Steffen Rösemann.

===========
References:
===========

http://www.sefrengo.org/
http://sroesemann.blogspot.de