Jahia xCM – ‘/engines/manager.jsp?site’ Cross-Site Scripting

Exploit Database
161 阅读

作者： High-Tech Bridge

日期： 2013-07-31
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38682/

source: https://www.securityfocus.com/bid/61571/info

Jahia xCM is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Jahia xCM 6.6.1.0 r43343 is vulnerable; other versions may also be affected.

http://www.example.com/engines/manager.jsp?conf=repositoryexplorer&site=%3C/script%3E%3Cscript%3Ealert%28docu ment.cookie%29;%3C/script%3E

last Exploits
Jahia xCM – ‘/engines/manager.jsp?site’ Cross-Site Scripting的更多信息

Openlitespeed WebServer 1.7.8 – Command Injection (Authenticated) (2)：
Ultimate Project Manager CRM PRO Version 2.0.5 – SQLi (Authenticated)：
FileContral – Local File Inclusion / Local File Disclosure：
Joomla! Component com_clanlist – SQL Injection：
Kados R10 GreenBee – ‘release_id’ SQL Injection：
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection：
Joomla! Component com_worldrates – Local File Inclusion：
Gecko CMS 2.3 – Multiple Vulnerabilities：