Advisory ID: HTB23205
Product: CMSimple
Vendor: Preben Bjorn Biermann Madsen
Vulnerable Version(s): 3.54 and probably prior
Tested Version: 3.54
Advisory Publication: February 26, 2014 [without technical details]
Vendor Notification: February 26, 2014
Vendor Patch: February 26, 2014
Public Disclosure: March 19, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-2219
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered a vulnerability in CMSimple which can be exploited to perform Cross-Site Scripting (XSS) attacks.
1) Reflected Cross-Site Scripting (XSS) in CMSimple: CVE-2014-2219
The vulnerability exists due to insufficient sanitisation of user-supplied data in the "d" HTTP GET parameter passed to the "/whizzywig/wb.php" script. The parameter is reflected into the response without HTML encoding, so a remote attacker can trick a logged-in user into opening a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.
The exploitation example below uses the JavaScript "alert()" function to display the word "immuniweb" (the URL-encoded value of "d" decodes to '><script>alert('immuniweb');</script>):
http://[host]/whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
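The bug class behind this finding, shown as an added illustration rather than code from CMSimple or the Whizzywig editor (the advisory does not reproduce the affected wb.php source): an unescaped GET parameter concatenated into markup, beside the hardened rendering. The leading '> of the proof-of-concept payload suggests the value lands inside a single-quoted HTML attribute, and that context is assumed here; the function names render_vulnerable and render_fixed are hypothetical. The script runs from the PHP CLI with the advisory's own proof-of-concept query string:

```php
<?php
// Added illustration only: not the CMSimple/Whizzywig source. It models the
// bug class the advisory describes (unescaped GET parameter "d" reflected
// into HTML). Assumption: the value lands in a single-quoted attribute,
// which is why the PoC payload starts with '> to break out of it.
declare(strict_types=1);

// Vulnerable rendering: the raw parameter is concatenated into markup.
function render_vulnerable(string $d): string
{
    return "<input type='hidden' name='d' value='" . $d . "'>";
}

// Hardened rendering: encode for the HTML attribute context.
// ENT_QUOTES turns both ' and " into entities, so the attacker cannot
// terminate the attribute; ENT_SUBSTITUTE avoids an empty result on bad UTF-8.
function render_fixed(string $d): string
{
    $safe = htmlspecialchars($d, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='hidden' name='d' value='" . $safe . "'>";
}

// The advisory's proof-of-concept query string; parse_str() percent-decodes it.
$query = 'd=%27%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E';
parse_str($query, $params);
$d = (string) $params['d'];   // '><script>alert('immuniweb');</script>

echo "payload:    ", $d, PHP_EOL;
echo "vulnerable: ", render_vulnerable($d), PHP_EOL;
echo "fixed:      ", render_fixed($d), PHP_EOL;

// Regression check a reviewer can keep: the hardened output must not carry a
// raw <script> tag, i.e. the injected value has to stay inside the attribute.
if (strpos(render_fixed($d), '<script') !== false) {
    throw new RuntimeException('attribute encoding failed');
}
```

Run with `php wb_example.php`: the "vulnerable:" line shows the attribute closed early by the payload's '> followed by a live <script> element, while the "fixed:" line carries the same payload as inert entities inside the attribute. The same context-aware encoding is what a fix in wb.php needs for every reflected parameter, not only "d".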
-----------------------------------------------------------------------------------------------
Solution:
Fixed by the vendor on February 26, 2014 directly in the source code, without a version bump or a new release. Update to the copy of version 3.54 published after February 26, 2014. Because the version number did not change, the version string alone does not show whether the fix is present; compare the installed files with that download, or re-test the "d" parameter of "/whizzywig/wb.php" after updating.
More Information:
http://sourceforge.net/projects/cmsimple-le/files/cmsimple_classic/
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23205 - https://www.htbridge.com/advisory/HTB23205 - Cross-Site Scripting (XSS) in CMSimple.
[2] CMSimple - http://cmsimple.p2pnation.eu/ - CMSimple is a content management system primarily designed for easy creation and maintenance of small commercial sites, or sites for associations and individuals.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® - https://portal.htbridge.com/ - is High-Tech Bridge's proprietary web application security assessment solution with a SaaS delivery model that combines manual and automated vulnerability testing.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.