Subrion CMS 'search' Functionality Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Subrion CMS and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to Subrion CMS version 3.2.3 or later. For updates refer http://www.subrion.org/

Insight

This flaw exists due to insufficient sanitization of input to the 'Search' functionality before returning it to users.

Affected

Subrion CMS version 3.2.2 and possibly below.

Detection

Send a crafted request via HTTP GET request and check whether it is able to read cookie or not.

References

http://packetstormsecurity.com/files/129447/
http://www.osvdb.org/115599
https://www.netsparker.com/xss-vulnerability-in-subrion-cms

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9120

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache Struts Cross Site Scripting Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Apache Rave User Information Disclosure Vulnerability

Take action and discover your vulnerabilities