BlackCat CMS 'cattranslate.php' Cross-Site Scripting Vulnerability
Released on: 2014-09-03
Updated on: 2014-09-04
Affected Systems:
BlackCat CMS 1.0.3
BlackCat CMS
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69551
CVE (CAN) ID: CVE-2014-5259
BlackCat CMS is a content management system.
BlackCat CMS 1.0.3 and other versions do not properly filter input passed to the "/modules/lib_jquery/plugins/cattranslate/cattranslate.php" script through the HTTP GET parameter "msg". A remote attacker can trick a logged-in user into opening a crafted link and execute arbitrary HTML and script code in the context of the affected application.
<* Source: High-Tech Bridge Security Research Lab
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
http://www.example.com/modules/lib_jquery/plugins/cattranslate/cattranslate.php?msg=%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
BlackCat CMS
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://blackcat-cms.org/
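Until the patch is applied, requests that abuse the "msg" parameter can be found in web server access logs. The following is an added example, not part of the original advisory or of BlackCat CMS: it assumes combined-format access logs, treats angle brackets in "msg" as the indicator, and uses constructed sample log lines.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter named in the advisory.
TARGET_PATH = "/modules/lib_jquery/plugins/cattranslate/cattranslate.php"
PARAM = "msg"

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a translation string has no reason to carry angle brackets.
MARKUP_RE = re.compile(r"[<>]")


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_msg(log_line):
    """Return the decoded msg value if the request targets the advisory's
    script and carries markup, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path.lower() != TARGET_PATH:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)  # parse_qs has already decoded once
        if MARKUP_RE.search(value):
            return value
    return None


def scan(lines):
    """Return the decoded msg values of all flagged lines."""
    return [v for v in map(suspicious_msg, lines) if v is not None]


# Constructed sample log lines (documentation IP range, invented timestamps).
_PRE = '203.0.113.9 - - [04/Sep/2014:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    _PRE + TARGET_PATH + '?msg=Save HTTP/1.1" 200 12',
    _PRE + TARGET_PATH + '?msg=%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E HTTP/1.1" 200 54',
    _PRE + TARGET_PATH + '?msg=%253Cb%253Ex HTTP/1.1" 200 20',
    _PRE + '/index.php?msg=%3Cb%3E HTTP/1.1" 200 20',
]
```

Calling scan(SAMPLE_LOG) flags the second and third lines only; the third shows why the value is decoded more than once before matching.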