BugTraq
Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS
Feb 21 2018 05:38AM
preethiknambiar gmail com
1. Introduction

Vendor : Yab
Affected Product : Quarx through 2.4.3
Fixed in : Quarx 2.4.5 and 2.4.6
Vendor Website : https://quarxcms.com/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7274

2. Technical Description

There are multiple persistent XSS vulnerabilities in the Quarx Content Management System. These vulnerabilities exist
because user-supplied data is insufficiently sanitized.

3. Affected pages and parameters:

Blog -> 'Title'
FAQ -> 'Question'
Pages -> 'Title'
Widgets -> 'Name'
Menus -> 'Name'
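
Because persistent XSS lives in stored content, the fields listed above can be reviewed for markup that should not appear in a plain-text title or name. The following audit is an added example, not code from this advisory or from Quarx; the record layout, the function names and the sample rows are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Section -> field pairs from section 3 of the advisory. The keys are labels
# for this example only; Quarx's real table and column names are not assumed.
AFFECTED_FIELDS = {"Blog": "Title", "FAQ": "Question", "Pages": "Title",
                   "Widgets": "Name", "Menus": "Name"}

class _TagFinder(HTMLParser):
    """Records every tag an HTML parser would recognise in a value."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)

def find_markup(value):
    """Return the tags found in a value that is meant to be plain text."""
    finder = _TagFinder()
    finder.feed(value)
    finder.close()
    return finder.tags

def audit(records):
    """records: iterable of (section, record_id, stored_value).
    Returns (section, id, field, tags, escaped_value) for each flagged row."""
    findings = []
    for section, rec_id, value in records:
        tags = find_markup(value)
        if tags:
            # html.escape shows how the value renders once output-encoded.
            findings.append((section, rec_id, AFFECTED_FIELDS[section],
                             tags, html.escape(value, quote=True)))
    return findings

# Constructed sample rows (not taken from any real site).
SAMPLE = [
    ("Blog", 1, "Release notes for Q1"),
    ("FAQ", 7, "Is 3 < 5 & 5 > 3?"),            # bare < and & are not tags
    ("Widgets", 2, "<script>alert(1)</script>"),
    ("Menus", 4, "Main <img src=x onerror=alert(1)>"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Parsing the value instead of matching on `<` avoids flagging legitimate text such as the FAQ row, while any flagged row still needs manual review before it is cleaned or removed.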

5. Credit

Preethi Koroth (@p3core0ath)

6. Reference:
https://github.com/YABhq/Quarx/issues/115
