RCE Security Advisory http://ift.tt/1FlL0Pz 1. ADVISORY INFORMATION ======================= Product: XenForo ToggleME plugin Vendor URL: http://ift.tt/2cTEjR8 Type: Cross-Site Scripting [CWE-79] Date found: 2016-09-06 Date published: 2016-09-11 CVSSv3 Score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N) CVE: - 2. CREDITS ========== This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED ==================== ToggleME 3.1.2 older versions may be affected too. 4. INTRODUCTION =============== This addon will allow your users to collapse/expand some parts of your website: -forum categories -widgets -sidebar -sub-forums -postbit (*) -polls (*) (from the vendor's homepage) 5. VULNERABILITY DETAILS ======================== The script "/admin.php?options/list/toggleME" is vulnerable to multiple authenticated persistent Cross-Site Scripting vulnerabilities when user- supplied input is processed by the web application. Since the application does not properly validate and sanitize the user group title, the style title and the category title values, which can be configured in the XenForo backend, it is possible to place arbitrary script code permanently on the administrative interface of the plugin "Home > Options > ToggleME" ("/admin.php?options/list/toggleME"). User Group Title PoC
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment