CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerability

Computer-discount-code

 

CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerability

 
Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9557
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

 

(1) Vendor & Product Description
Vendor: Smartwebsites
Product & Version: SmartCMS v.2
Vendor URL & Download:
http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en
Product Description: “SmartCMS is one of the most user friendly and smart content management systems there is in the Cyprus market. It makes the content management of a webpage very easy and simple, regardless of the user’s technical skills.”

 

(2) Vulnerability Details:
SmartCMS v.2 has a security vulnerability. It can be exploited by XSS attacks.
(2.1) The first vulnerability occurs at “index.php?” page with “pageid” “lang” multiple parameters.
(2.2) The second vulnerability occurs at “sitemap.php?” page with “pageid” “lang” multiple parameters.

 

 

 

 

References:
http://www.tetraph.com/security/cves/cve-2014-9557-smartcms-multiple-xss-cross-site-scripting-security-vulnerability/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9557
http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html
http://en.hackdig.com/?13971.htm
http://cxsecurity.com/issue/WLB-2015010130
https://hackertopic.wordpress.com/2015/02/11/cve-2014-9557-smartcms-multiple-xss-cross-site-scripting-security-vulnerability/
http://cve.scap.org.cn/CVE-2014-9557.html
http://securitypost.tumblr.com/post/110696783722/itinfotech-cve-2014-9557-smartcms-multiple-xss
http://exploitarchive.com/smartcms-2-cross-site-scripting/
http://webtechhut.blogspot.com/2015/02/cve-2014-9557-smartcms-multiple-xss.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1502
http://blog.163.com/greensun_2006/blog/static/11122112201511105129826/
http://itsecurity.lofter.com/post/1cfbf9e7_5c3a4a8

 

 

 

Leave a comment

你的電子郵件位址並不會被公開。 必要欄位標記為 *

你可以使用這些 HTML 標籤與屬性: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>