
u5CMS 3.9.3 Multiple Stored And Reflected XSS Vulnerabilities

Medium
Advisory ID
ZSL-2015-5223
Release Date
09 February 2015
Vendor
Stefan P. Minder - http://www.yuba.ch
Affected Version
3.9.3 and 3.9.2
Tested On
Apache 2.4.10 (Win32), PHP 5.6.3, MySQL 5.6.21
Summary

u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache.

Description

u5CMS suffers from multiple stored and reflected cross-site scripting vulnerabilities. Input passed to several POST and GET parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Proof of Concept
Disclosure Timeline
29.12.2014 - Vulnerabilities discovered.
04.02.2015 - Contact with the vendor.
04.02.2015 - Vendor replies asking for more details.
05.02.2015 - Sent details to the vendor.
06.02.2015 - Vendor releases version 3.9.4 to address these issues.
09.02.2015 - Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
09.02.2015 - Initial release
11.02.2015 - Added reference [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18] and [19]
12.02.2015 - Added reference [20] and [21]