Stored Cross Site Scripting in Ektron CMS 8.7
CVE reference: CVE-2014-2729
Affected platforms: Ektron Web Content Management System
Version: 8.7.0
Date: 2013-December-19
Security risk: Medium (CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N)
Researcher: Joseph Zeng Xianbo
Vendor Status: Issue reported to be patched in Ektron CMS 8.7.0.055
(SP2 Patch Update: 8.7.0.055.2.015).
=====================================================================
Description:
During an internal penetration test exercise for a client, a stored
Cross Site Scripting vulnerability was discovered in the HTTP parameter
‘category0’ of the affected webpage. The application stored the payload
and executed it when the page was loaded.
This vulnerability has been assigned CVE-2014-2729.
=====================================================================
Steps to demonstrate issue:
Note that repeating steps 7 to 8 and repeating the step 12 for the
corresponding parameters (e.g. 'category1', 'category2')
=====================================================================
Possible Impact
Malicious authenticated users could inject specially crafted
JavaScript code into multiple input fields of the affected form
(Add Discussion Board), where it is stored. When an administrative
user subsequently retrieves and views the records from the
administrative interface, the injected malicious JavaScript code
is executed in his/her web browser.
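
Added example (not part of the original advisory and not Ektron code):
a defender-side check that flags numbered 'category' form fields
carrying HTML metacharacters, beside the unencoded render pattern and
its output-encoded form. The function names, the 'boardname' field, the
table-cell markup and the sample request body are assumptions.

```python
import html
import re
from urllib.parse import parse_qsl

# 'category0', 'category1', 'category2' come from the advisory; matching any
# numbered category parameter is an assumption that generalizes them.
CATEGORY_PARAM = re.compile(r"^category\d+$")
# Characters that let a stored value break out of HTML text or attributes.
HTML_META = re.compile(r"""[<>"'&]""")

# Constructed sample form body (not captured traffic); 'boardname' is hypothetical.
SAMPLE_BODY = (
    "boardname=Support&category0=General"
    "&category1=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    "&category2=Q%26A"
)

def suspicious_categories(form_body):
    """Return {name: decoded value} for categoryN fields holding HTML metacharacters."""
    hits = {}
    for name, value in parse_qsl(form_body, keep_blank_values=True):
        if CATEGORY_PARAM.match(name) and HTML_META.search(value):
            hits[name] = value
    return hits

def render_category_unsafe(value):
    """Pattern behind stored XSS: the stored value is written into markup as-is."""
    return '<td class="category">' + value + "</td>"

def render_category(value):
    """Hardened form: encode at output time, so any stored value is inert text."""
    return '<td class="category">' + html.escape(value, quote=True) + "</td>"

if __name__ == "__main__":
    for name, value in suspicious_categories(SAMPLE_BODY).items():
        # 'Q&A' is flagged too: input filtering alone is noisy, encoding is the fix.
        print(name, "->", render_category(value))
```

The legitimate value 'Q&A' trips the input check as well, which is why
encoding at render time, rather than rejecting input, is the reliable
control for stored values.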
=====================================================================
Credits
This vulnerability was discovered by Joseph Zeng Xianbo
=====================================================================
History (GMT +8)