BugTraq
Mura CMS Cross-Site Scripting (XSS) Vulnerability May 03 2017 09:27AM
Leon Zhao 7 gmail com
Credits
===============
Zhao Liang, Huawei Weiran Labs

Vendor:
===============
Blue River Interactive Group

Product:
========================
Mura CMS

Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websites.

Vulnerability Type:
================================
XSS

CVE Reference:
==============
CVE-2017-8302

Vulnerability Details:
=====================
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm.

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Best Regards,
Zhao Liang, Huawei Weiran Labs

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus