vendor:
vBSEO
by:
MaXe (@InterN0T)
8.8
CVSS
HIGH
Persistent XSS
79
CWE
Product Name: vBSEO
Affected Version From: 3.5.2002
Affected Version To: 3.2.2002
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Most likely all versions
2010
vBSEO – Persistent XSS via LinkBacks
vBSEO is prone to persistent XSS due to insufficient sanitization of the titles on external websites vBSEO reads. ModCP & AdminCP has the following features affected: 'Moderate LinkBacks', 'Incoming LinkBacks', 'Outgoing LinkBacks'. After clicking the link, which the attacker has to do, vBSEO will initiate a GET-requested to the target and will then save the linkback if enabled, in either the incoming linkback list or the moderation queue. By default all linkbacks are enabled and this linkback is known as the 'RefBack'. (vBSEO checks the Referrer.)
Mitigation:
The vendor is still working on a patch even though it is very simple to patch. File: /modcp/vbseo_moderate.php Lines: 276 or 274 (depends on version), 230, 178, 112 are vulnerable. Details: Look for '$pback[t_title]' which is the major cause of this vulnerability.