Vendor: Squiz CMS
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 79, 611 (Cross-Site Scripting and XML External Entity Injection)
Product Name: Squiz CMS
Affected Version From: 4.6.3
Affected Version To: 4.6.3
Patch Exists: YES
Related CWE: N/A
CPE: a:squiz:squiz_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2013
Squiz CMS Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities
Squiz CMS is prone to multiple cross-site scripting vulnerabilities and an XML external entity (XXE) injection vulnerability because it fails to properly sanitize user-supplied input. Attackers may exploit the cross-site scripting issues to execute arbitrary script code in a victim's browser in the context of the affected site, potentially allowing them to steal cookie-based authentication credentials. The XXE issue may be exploited to carry out XML-based attacks, including local file disclosure, TCP port scanning and denial-of-service (DoS) conditions; other attacks are also possible.
Mitigation:
Input validation should be used to ensure that untrusted data cannot produce unexpected results in the application. Additionally, the application's XML parser should be configured to disable the resolution of external entities.