A cross-site scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted web site. The application targets your application’s users and not the application itself, but it uses your application as the vehicle for the attack. Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc.
Securin Zero-Days
CVE-2015-8766 – Reflected Cross-Site Scripting in Symphony CMS
Severity:Medium
Vendor
Symphony
Affected Product
Symphony
CVE
CVE-2015-8766
Securin ID
2015-CSW-08-1001
Status
Fixed
Date
November 3, 2015
Description
Proof of Concept (POC):
Issue 1: The POST Request of the variable email_sendmail[from_name] in the preference form is vulnerable to XSS. Similarly, the rest of the variables are also vulnerable.
Figure 1: XSS payload is injected in email_sendmail[from_name] variable
Figure 2: Injected payload was executed in the browser.
Figure 3: XSS payload in email_sendmail[from_address] variable
Figure 4: Injected payload was executed in the browser
Figure 5: XSS payload injected in email_smtp[from_name] variable
Figure 6: Injected payload was executed in the browser
Note: Similarly, all the other mentioned variables are vulnerable to Cross-Site Scripting (XSS)
Impact
- User’s session cookie & end-user files disclosure.
- Hijack the user’s session & take over the account.
- Installation of Trojan horse programs.
- Redirection of the user to some other page or site.
- Modification to the presentation of content.
- Malicious script permanently stored on the server.
Remediations
Download and apply the following patch provided by the vendor:
Timeline
Nov 02, 2015: Vulneraility Discovered in Symphony CMS
Nov 03, 2015: Reported to Vendor
Nov 05, 2015: Vendor Response
Dec 10, 2015: Vendor Released Fixed version
Dec 12, 2015: Public Disclosed
Jan 06, 2016: CVE Assigned