Title corrected Symfony CMS to Symphony CMS.
================================================================ Symphony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability ================================================================ Information -------------------- Vulnerability Type : Cross Site Scripting Vulnerability Vulnerable Version : 2.6.3 CVE-ID : CVE-2015-8376 Severity: Medium Author – Sachin Wagh (@tiger_tigerboy) Description -------------------- Symphony CMS is prone to Multiple a Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Proof of Concept URL -------------------- http://localhost/symphony2.6.3/symphony-2.6.3/symphony/blueprints/sections/edit/1/ Advisory Information: ================================================ Symphony CMS XSS Vulnerability Severity Level: ========================================================= Med Description: ========================================================== Vulnerable Product: [+] Symphony CMS 2.6.3 Vulnerable Parameter(s): [+] Name [+] Nevigation Group [+] Label Affected Area(s): [+] http://localhost/symphony2.6.3/symphony-2.6.3/symphony/blueprints/sections/edit/1/ Advisory Timeline -------------------- 28-Nov-2015-Reported 6-Dec-2015-Vulnerability Published Credits & Authors -------------------- Sachin Wagh (@tiger_tigerboy) On Sun, Dec 6, 2015 at 8:18 PM, Sachin Wagh <[email protected]> wrote: > ================================================================ > Symfony CMS 2.6.3 – Multiple Cross-Site Scripting Vulnerability > ================================================================ > > Information > -------------------- > > Vulnerability Type : Cross Site Scripting Vulnerability > Vulnerable Version : 2.6.3 > CVE-ID : CVE-2015-8376 > Severity: Medium > Author – Sachin Wagh (@tiger_tigerboy) > > Description > -------------------- > > symphony CMS is prone to Multiple a Cross-site scripting vulnerability > because it fails to sanitize user-supplied input. An attacker may leverage > this issue to execute arbitrary script code > in the browser of an unsuspecting user in the context of the affected site. > > Proof of Concept URL > -------------------- > > > http://localhost/symphony2.6.3/symphony-2.6.3/symphony/blueprints/sections/edit/1/saved/ > > Advisory Information: > ================================================ > Symphony CMS XSS Vulnerability > > Severity Level: > ========================================================= > Med > > Description: > ========================================================== > > Vulnerable Product: > [+] Symphony CMS 2.6.3 > > Vulnerable Parameter(s): > [+] Name > [+] Nevigation Group > [+] Label > > Affected Area(s): > [+] > http://localhost/symphony2.6.3/symphony-2.6.3/symphony/blueprints/sections/edit/1/ > > Advisory Timeline > -------------------- > > 28-Nov-2015-Reported > 6-Dec-2015-Vulnerability Published > > Credits & Authors > -------------------- > Sachin Wagh (@tiger_tigerboy) > > -- > Best Regards, > > *Sachin Wagh* > Security Consultant > m: +91 75 888 644 81 > w: secur1tyadvisory.wordpress.com > > -- Best Regards, *Sachin Wagh* Security Consultant m: +91 75 888 644 81 w: secur1tyadvisory.wordpress.com _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
