CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12111] XSS reflected in "showtime2 slideshow" module

Created By: Marco Nappi (mrcnpp)
Date Submitted: Sun Aug 25 06:08:50 -0400 2019

Assigned To:
Version: 2.2.4
CMSMS Version: 2.2.4
Severity: Major
Resolution: Invalid
State: Closed
Summary:
XSS reflected in "showtime2 slideshow" module
Detailed Description:
There is an XSS reflected in the module named "showtime2 slideshow"; the
parameter affected is m1_module_message

`http://<HOST>/admin/moduleinterface.php?mact=Showtime2%2Cm1_%2Caddslides%2C0&_sk_=8a5db6575606c958c74&m1_showid=1&m1_module_message=%3Csvg%20onload=alert()%3E`

NB: works on FF, not on Chrome

Solution: sanitize the input, encoding special characters into HTML entities
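
The fix proposed in the report, sketched in PHP as an added example (this is not code from the Showtime2 module or from CMSMS; the function names and the surrounding markup are hypothetical). It contrasts echoing `m1_module_message` unchanged with encoding it at output time for an HTML text context:

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the admin template code that displays
// m1_module_message; the module's real code is not shown in the report.

/** Vulnerable pattern: the request value is written into HTML unchanged. */
function render_message_unsafe(array $params): string
{
    $msg = (string)($params['m1_module_message'] ?? '');
    return '<div class="message"><p>' . $msg . '</p></div>';
}

/** Hardened pattern: encode when writing into the HTML text context. */
function render_message_safe(array $params): string
{
    $msg = $params['m1_module_message'] ?? '';
    if (!is_string($msg)) {
        // A request such as m1_module_message[]=x arrives as an array.
        $msg = '';
    }
    // ENT_QUOTES also encodes ' and ", so the same value stays inert if it
    // is later moved into a quoted attribute; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    $encoded = htmlspecialchars(
        $msg,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<div class="message"><p>' . $encoded . '</p></div>';
}

// Constructed input: the query-string parameters from the report's URL,
// decoded the same way PHP populates $_GET.
parse_str('m1_showid=1&m1_module_message=%3Csvg%20onload=alert()%3E', $params);

echo render_message_unsafe($params), PHP_EOL; // markup reaches the page as markup
echo render_message_safe($params), PHP_EOL;   // markup reaches the page as text
```

Encoding belongs at the point of output, so the stored or logged value stays unmodified and each output context (HTML text, attribute, JavaScript, URL) gets the encoder appropriate to it.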


History

Comments
Date: 2019-11-05 16:25
Posted By: Robert Campbell (calguy1000)

This is not a CMSMS core issue
      
Updates

Updated: 2019-11-05 16:25
resolution_id: 5 => 9
state: Open => Closed

Updated: 2019-09-21 10:15
description: There is an XSS reflected in the module named " showtime2 slideshow" the parameter affected is m1_module_message `http:///admin/moduleinterface.php?mact=Showtime2%2Cm1_%2Caddslides%2C0&_sk_=8a5db6575606c958c74&m1_showid=1&m1_module_message=%3Csv => There is an XSS reflected in the module named " showtime2 slideshow" the parameter affected is m1_module_message `http:///admin/moduleinterface.php?mact=Showtime2%2Cm1_%2Caddslides%2C0&_sk_=8a5db6575606c958c74&m1_showid=1&m1_module_message=%3Csv
resolution_id: 9 => 5

Updated: 2019-09-21 09:49
resolution_id: 5 => 9

Updated: 2019-08-25 06:50
resolution_id: => 5
severity_id: 3 => 2