[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Stored XSS vulnerability in diafan.CMS
: Vulnerability ID: HTB22776
: Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_diafan_cms.html
: Product: diafan.CMS
: Vulnerability Details:
: The vulnerability exists due to failure in the
: "http://host/admin/site/save2/" script to properly sanitize
: user-supplied input in "text" variable. Successful exploitation of this
: vulnerability could result in a compromise of the application, theft of
: cookie-based authentication credentials, disclosure or modification of
: sensitive data.
This is the site editor functionality, correct? This requires
administrative access and is *designed* to allow the admin to enter any
HTML or script code desired.
If an attacker can access this page, couldn't they do other bad things? Is
there really a crossing of privilege boundary here?