Securin Zero-Days

CVE-2015-8606 – Reflected Cross-Site Scripting in SilverStripe CMS & Framework

Severity: High

Vendor

SilverStripe

Affected Product

SilverStripe

CVE

CVE-2015-8606

Securin ID

2015-CSW-09-1009

Status

Fixed

Date

November 5, 2015

Description

A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted web site. The attack targets your users and not the application itself, but it uses your application as the vehicle for the attack. In SilverStripe CMS & Framework v3.2.0, the XSS payload is executed when the user tries to modify the value of either of two variables. They are listed below, with screenshots for better understanding.

1. Locale

2. FailedLoginCount

Proof of Concept (POC):

Issue 1: The Locale variable in the POST request of the new member form is vulnerable to XSS.

Figure 1: XSS payload was injected in the Locale variable.

Figure 2: Injected payload was executed in the browser

Issue 2: The FailedLoginCount variable in the POST request of the new member form is vulnerable to XSS.

Figure 3: XSS payload is injected in the Locale variable.

Figure 4: Injected payload was executed in the browser


Impact

  • User’s session cookie & end-user files disclosure.
  • Hijack the user’s session & take over the account.
  • Installation of Trojan horse programs.
  • Redirection of the user to some other page or site.
  • Modification to the presentation of content.

Remediations

Download and install the patch release as advised by the vendor.
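Independently of the vendor fix, this class of bug is closed by validating each field by type and encoding it whenever it is echoed back. The block below is an added example in plain PHP, not SilverStripe's patch or code from this advisory; the field names come from the advisory, while the helper names and the language_REGION locale format are assumptions.

```php
<?php
// Added example, not SilverStripe code. Field names come from the advisory;
// helper names and the language_REGION locale format are assumptions.

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate both fields by type. Returns [clean, errors]; bad input never enters clean. */
function validateMemberFields(array $post): array
{
    $clean = [];
    $errors = [];

    // Locale: assumed format is language_REGION, e.g. en_US.
    $locale = $post['Locale'] ?? '';
    if (is_string($locale) && preg_match('/\A[a-z]{2,3}_[A-Z]{2}\z/', $locale) === 1) {
        $clean['Locale'] = $locale;
    } else {
        $errors['Locale'] = 'Locale must look like en_US.';
    }

    // FailedLoginCount is a counter: accept a non-negative integer only.
    $count = filter_var($post['FailedLoginCount'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    if ($count !== false) {
        $clean['FailedLoginCount'] = $count;
    } else {
        $errors['FailedLoginCount'] = 'FailedLoginCount must be a whole number.';
    }
    return [$clean, $errors];
}

/** Re-render one field; the submitted value is encoded even when it failed validation. */
function renderField(string $name, $submitted, ?string $error): string
{
    $value = is_scalar($submitted) ? (string) $submitted : '';
    $html = '<input type="text" name="' . h($name) . '" value="' . h($value) . '">';
    return $error === null ? $html : $html . '<span class="error">' . h($error) . '</span>';
}

// Constructed sample input: markup where a locale code and a number are expected.
$post = ['Locale' => '"><b>x</b>', 'FailedLoginCount' => '1<i>'];
[$clean, $errors] = validateMemberFields($post);
foreach (['Locale', 'FailedLoginCount'] as $field) {
    echo renderField($field, $post[$field] ?? '', $errors[$field] ?? null), PHP_EOL;
}
```

Both sample values are rejected by validation, and the re-rendered form shows them as inert text because every interpolated value passes through `h()`.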

Timeline

Nov 05, 2015: Vulnerability in SilverStripe CMS & Framework disclosed and reported
Nov 11, 2015: Vendor Response
Nov 16, 2015: Vendor Released Fix
Dec 12, 2015: Publicly disclosed
Dec 17, 2015: CVE Assigned
