CVE-2015-9260 – Reflected Cross-Site Scripting in BEdita
Severity: High
Vendor: BEdita
Affected Product: BEdita
CVE: CVE-2015-9260
Securin ID: 2015-CSW-10-1010
Status: Fixed
Date: October 14, 2015
Description
A reflected cross-site scripting vulnerability was identified in the Publication module of BEdita CMS 3.6.0. The XSS is triggered via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI; the injected content is reflected into the response without adequate output encoding and is executed by the victim's browser.
Figure 02: XSS Payload gets executed in the browser.
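Because the vulnerable input travels in the request path, it is visible in web-server access logs. The following added detection example (not part of the advisory or of BEdita) scans constructed combined-format log lines for requests to the affected pages/showObjects route whose URL-decoded target contains HTML metacharacters, which a legitimate object path never needs. The log lines, addresses and the encoded marker are constructed samples.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.10 - - [14/Oct/2015:10:01:02 +0000] "GET /pages/showObjects/2/0/0/leafs HTTP/1.1" 200 5120
203.0.113.11 - - [14/Oct/2015:10:01:05 +0000] "GET /pages/showObjects/2/0/0/leafs%3Cscript%3E HTTP/1.1" 200 5130
203.0.113.12 - - [14/Oct/2015:10:01:09 +0000] "GET /pages/view/7 HTTP/1.1" 200 2048
203.0.113.13 - - [14/Oct/2015:10:01:12 +0000] "GET /pages/showObjects/3/0/0/leafs?x=%22%3E HTTP/1.1" 200 5001
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request target, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Route named in the advisory; the object ids after it are numeric in normal use.
AFFECTED_PATH = "/pages/showObjects/"
# HTML metacharacters that should never appear in a legitimate object path.
META = re.compile(r'[<>"\']')


def is_suspicious_target(target: str) -> bool:
    """True when the request hits the affected route with HTML metacharacters in it."""
    # Decode twice so double-encoded input (%253C) is also caught.
    decoded = unquote(unquote(target))
    return decoded.startswith(AFFECTED_PATH) and META.search(decoded) is not None


def scan_log(text: str) -> list:
    """Return one record per suspicious request found in the log text."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not well-formed access-log entries
        if is_suspicious_target(m["target"]):
            hits.append({"ip": m["ip"], "ts": m["ts"],
                         "target": m["target"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} -> {h["target"]} ({h["status"]})')
```

A 200 status on a flagged request is worth a closer look, since the reflected content was served rather than rejected.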
Impact
If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
- Perform any action within the application that the user can perform.
- View any information that the user is able to view.
- Modify any information that the user is able to modify.
- Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
Remediations
Download the latest version of BEdita and apply the update as described in the vendor advisory.
Timeline
Oct 14, 2015: Reported to Vendor
Oct 14, 2015: Vendor Responded
Oct 15, 2015: Vendor Responded “Under Investigation”
Oct 31, 2015: Follow-up Email
Dec 11, 2015: Vendor Released Fix
Apr 07, 2018: CVE Assigned