Comsenz SupeSite CMS Stored XSS (Cross-site Scripting) Security Vulnerabilities

computer pitch

Comsenz SupeSite CMS 7.0 Stored XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities

Product: Supesite CMS (Content Management System)

Vendor: ComSenz

Vulnerable Versions: 6.0.1UC 7.0

Tested Version: 7.0

Advisory Publication: April 15, 2015

Latest Update: April 15, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discover and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Proposition Details:

(1) Vendor & Product Description:

Vendor:

Comsenz

Product & Vulnerable Versions:

SupeSite 6.0.1UC

SupeSite 7.0

Vendor URL & Download:

SupeSite can be brought from here,

http://www.comsenz.com/products/other/supesite

http://www.comsenz.com/downloads/install/supesite#down_open

Source code:

http://www.8tiny.com/source/supesite/nav.html?index.html

Product Introduction Overview:

“SupeSite is an independent content management (CMS) function, and integrates Web2.0 community personal portal system X-Space, has a strong aggregation of community portal systems. SupeSite station can be achieved within the forum…

View original post 詳見內文：約297字