OneThird CMS CVE-2017-2124 Cross Site Scripting Vulnerability

OneThird CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

OneThird CMS 1.73 and prior versions are vulnerable.

Information

Bugtraq ID: 98604
Class: Input Validation Error
CVE: CVE-2017-2124

Remote: Yes
Local: No
Published: Mar 07 2017 12:00AM
Updated: May 23 2017 04:28PM
Credit: Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University.
Vulnerable: SpiQe Software OneThird CMS 1.73

Not Vulnerable:

Exploit

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

References:

SpiQe Software Homepage (SpiQe Software)
JVN#13003724 OneThird CMS vulnerable to cross-site scripting (JPCERT)

Source: www.securityfocus.com

Exploit Collector

Search Exploit