Subrion CMS 'search' Functionality Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Subrion CMS and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to Subrion CMS version 3.2.3 or later. For updates refer http://www.subrion.org/

Insight

This flaw exists due to insufficient sanitization of input to the 'Search' functionality before returning it to users.

Affected

Subrion CMS version 3.2.2 and possibly below.

Detection

Send a crafted request via HTTP GET request and check whether it is able to read cookie or not.

References

http://packetstormsecurity.com/files/129447/
http://www.osvdb.org/115599
https://www.netsparker.com/xss-vulnerability-in-subrion-cms

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9120

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts2 'XWork' Information Disclosure Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Rave User Information Disclosure Vulnerability
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

Take action and discover your vulnerabilities