Home / os / winmobile

Mura CMS 7.0.6967 Cross Site Scripting

Posted on 04 May 2017

Credits =============== Zhao Liang, Huawei Weiran Labs Vendor: =============== Blue River Interactive Group Product: ======================== Mura CMS Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websites. Vulnerability Type: ================================ XSS CVE Reference: ============== CVE-2017-8302 Vulnerability Details: ===================== Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm. Exploitation Technique: ======================= Remote Severity Level: =============== High Best Regards, Zhao Liang, Huawei Weiran Labs

 

TOP

Malware :