Comsenz SupeSite CMS 7.0 Stored XSS (Cross-site Scripting) Security Vulnerabilities
Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities
Product: SupeSite CMS (Content Management System)
Vendor: ComSenz
Vulnerable Versions: 6.0.1UC, 7.0
Tested Version: 7.0
Advisory Publication: April 15, 2015
Latest Update: April 15, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Discoverer and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]
Proposition Details:
(1) Vendor & Product Description:
Vendor:
Comsenz
Product & Vulnerable Versions:
SupeSite 6.0.1UC
SupeSite 7.0
Vendor URL & Download:
SupeSite can be obtained from here:
http://www.comsenz.com/products/other/supesite
http://www.comsenz.com/downloads/install/supesite#down_open
Source code:
http://www.8tiny.com/source/supesite/nav.html?index.html
Product Introduction Overview:
“SupeSite is an independent content management (CMS) function, and integrates Web2.0 community personal portal system X-Space, has a strong aggregation of community portal systems. SupeSite station can be achieved within the forum…