FCMS_2.7.2 cms and earlier multiple stored XSS Vulnerability

vendor:

Family Connections

by:

Ahmed Elhady Mohamed

7.5

CVSS

HIGH

Stored XSS

CWE

Product Name: Family Connections

Affected Version From: 2.7.2002

Affected Version To: 2.7.2002

Patch Exists: NO

Related CWE: N/A

CPE: a:fam-connections:family_connections:2.7.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Sp2 En

2011

FCMS_2.7.2 cms and earlier multiple stored XSS Vulnerability

When installing FCMS_2.7.2 cms, if all optional sections are installed, an attacker can inject JavaScript code into the 'reply' field on the 'messageboard.php?thread=1' page, the 'text area' field on the 'familynews.php?addnews=yes' page, the 'pray for' field on the 'prayers.php' page, the 'name' field on the 'recipes.php?add=category' page, and the 'Event' field on the 'calendar.php?add=2011-12-2' page. Additionally, reflected XSS can be achieved on the 'calendar.php?add=2011-12-7' and 'gallery/index.php?uid' pages.

Mitigation:

Ensure that all input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

FCMS_2.7.2 cms and earlier multiple stored XSS Vulnerability
===================================================================================
# Exploit Title: FCMS_2.7.2 cms multiple stored XSS Vulnerability

Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.7.2/FCMS_2.7.2.zip/download

# Author: Ahmed Elhady Mohamed

# Category:: webapps

# Tested on: windows XP Sp2 En

===================================================================================



#First we must install all optional sections during installation process.

        #############################################Stored XSS################################################################


         page : messageboard.php?thread=1	

	 decription: if you ADD javascript code in " reply " field , the code will execute in " profile.php?member=1 " page.


	page : familynews.php?addnews=yes

	description : when you add news you can put js in " text area " field to execute


	page : prayers.php

	description : when you add prayer  ,you can inject js in "pray for" field as "<script>alert(/xss/)</script>"


	page : recipes.php?add=category

	description : insert in "name" field  "><script>alert(/xss/)</script> , it will execute at "recipes.php?addrecipe=yes" page

	
	page : calendar.php?add=2011-12-2

	description : when add an event, insert in "Event" field ("<script>alert(/xss/)</script>")
	
	it will execute at  "calendar.php" page

	################################Reflected XSS#################################################################################

	These pages have reflected xss .
	
	calendar.php?add=2011-12-7%22%3E%3Cscript%3Ealert%28/family/%29%3C/script%3E

	gallery/index.php?uid=%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
 	##############################################################################################################################