Edgescan finds Critical WordPress Plugin Vulnerabilities – Here’s All You Need To Know


Edgescan’s Senior Security Consultant Guram Javakhishvili has discovered several vulnerabilities across a number of popular applications. Some of these are not yet publicly disclosed. As soon as the vendors implement their fixes, those issues will also be added to this list and the article will be updated accordingly.

CMS Made Simple 2.2.13


CMS Made Simple is a Content Management System that was first released in July 2004 as an open source General Public License (GPL) package. It is currently used in both commercial and personal projects. It’s built using PHP and the Smarty Engine, which keeps content, functionality, and templates separated.

Guram discovered five vulnerabilities in CMS Made Simple 2.2.13. At the time of writing three were resolved in the 2.2.14 update and two were outstanding; the Resolution line under each entry below reflects the current status.

  1. Reflected Cross-Site Scripting #12224 – CMS Made Simple 2.2.13

Issue: Insufficient validation of user input in the authenticated part of the CMS Made Simple web application exposes it to a reflected cross-site scripting (XSS) vulnerability. Potentially dangerous input supplied by the user is accepted by the application and embedded, unencoded, in the HTML response returned by the web server.

Vulnerable parameter: m1_newdirname

Severity: Minor

Resolution: Fixed in 2.2.14

Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12224

  2. Reflected Cross-Site Scripting #12225 – CMS Made Simple 2.2.13

Issue: Insufficient validation of user input in the authenticated part of the CMS Made Simple web application exposes it to a reflected cross-site scripting (XSS) vulnerability. Potentially dangerous input supplied by the user is accepted by the application and embedded, unencoded, in the HTML response returned by the web server.

Vulnerable parameter: m1_name

Severity: Minor

Resolution: Fixed in 2.2.14

Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12225

  3. Stored Cross-Site Scripting #12226 – CMS Made Simple 2.2.13

Issue: Insufficient validation of user input in the authenticated part of the CMS Made Simple web application exposes it to persistent (stored) cross-site scripting (XSS) vulnerabilities. Potentially dangerous input supplied by the user is accepted by the application, stored, and later embedded, unencoded, in the HTML response returned by the web server. When the content is viewed, e.g. by an administrative user, the injected JavaScript executes in that user’s browser.

List of vulnerable parameters: metadata, pagedata

Severity: Critical

Resolution: Fixed in 2.2.14

Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12226

  4. Stored Cross-Site Scripting #12227 – CMS Made Simple 2.2.13

Issue: Potentially dangerous input supplied by the user is accepted by the application, stored, and later embedded, unencoded, in the HTML response returned by the web server. When the user’s preferences page is viewed, e.g. by an administrative user, the injected JavaScript executes in that user’s browser.

List of vulnerable parameters: date_format_string

Severity: Minor

Resolution: Fixed in 2.2.14

Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12227

  5. Stored Cross-Site Scripting #12228 – CMS Made Simple 2.2.13

Issue: Potentially dangerous input supplied by the user is accepted by the application, stored, and later embedded, unencoded, in the HTML response returned by the web server. When the News item is viewed, e.g. by an administrative user, the injected JavaScript executes in that user’s browser.

List of vulnerable parameters: m1_title

Severity: Critical

Resolution: Fixed in 2.2.14

Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12228

Limesurvey


LimeSurvey is a free and open source online statistical survey web application written in PHP. It runs on a web server and lets users develop and publish online surveys through a web interface, collect responses, produce statistics, and export the resulting data to other applications.

Guram discovered three vulnerabilities in LimeSurvey 3.21.1 which have been fixed in the latest version 3.21.2.

  1. Stored Cross-Site Scripting #15680 – LimeSurvey 3.21.1

The LimeSurvey release current at the time, 3.21.1, and the 4.0.0 development version suffer from reflected and persistent (stored) cross-site scripting and HTML injection vulnerabilities.
Insufficient validation of user input in the authenticated part of the LimeSurvey application exposes it to persistent cross-site scripting (XSS) vulnerabilities.
Potentially dangerous input supplied by the user is accepted by the application and embedded, unencoded, in the HTML response returned by the web server.

List of vulnerable parameters: firstname, lastname

Resolution: Fixed in 3.21.2

Detailed description of this bug: https://bugs.limesurvey.org/view.php?id=15680

  2. Stored Cross-Site Scripting #15681 – LimeSurvey 3.21.1

Insufficient validation of user input on the authenticated part of the Limesurvey application exposes the application to persistent cross site scripting (XSS) vulnerabilities.
These vulnerabilities enable potentially dangerous input from the user to be accepted by the application and then embedded back in the HTML response of the page returned by the web server.

List of vulnerable parameters: Quota[name] (submitted URL-encoded as Quota%5Bname%5D)

Resolution: Fixed in 3.21.2

Detailed description of this bug: https://bugs.limesurvey.org/view.php?id=15681

  3. Cross-Site Scripting #15672 – LimeSurvey 3.21.1

Insufficient validation of user input on the authenticated part of the Limesurvey application exposes the application to persistent cross site scripting (XSS) vulnerabilities.
These vulnerabilities enable potentially dangerous input from the user to be accepted by the application and then embedded back in the HTML response of the page returned by the web server.

List of vulnerable parameters: ParticipantAttributeNamesDropdown

Resolution: Fixed in 3.21.2

Detailed description of this bug: https://bugs.limesurvey.org/view.php?id=15672
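Every entry above, for both products, is the same bug class: a value accepted on an authenticated page is later written into HTML without output encoding. The check a tester wants after upgrading to CMS Made Simple 2.2.14 or LimeSurvey 3.21.2 is therefore the same for all ten parameters: submit a harmless marker into each one and see whether the rendered page returns it verbatim (still vulnerable), with the angle brackets encoded or stripped (fixed), or not at all. The script below is an added example, not Edgescan’s code and not code from either project. It runs offline: the two renderers `render_vulnerable` and `render_fixed` are constructed stand-ins for the bug and its fix, not the vendors’ templates, and in a real test you would replace them with an authenticated HTTP submit-then-fetch against the page named in each bug report.

```python
"""Post-upgrade XSS regression check for the parameters named in this article.
Added example; renderers are constructed stand-ins, not vendor code."""
import html
import secrets
from urllib.parse import urlencode

# Parameters named in the advisories above, grouped by affected release.
PARAMS = {
    "CMS Made Simple 2.2.13": [
        "m1_newdirname",                      # #12224 reflected XSS
        "m1_name",                            # #12225 reflected XSS
        "metadata", "pagedata",               # #12226 stored XSS
        "date_format_string",                 # #12227 stored XSS
        "m1_title",                           # #12228 stored XSS
    ],
    "LimeSurvey 3.21.1": [
        "firstname", "lastname",              # #15680 stored XSS
        "Quota[name]",                        # #15681 stored XSS (wire form: Quota%5Bname%5D)
        "ParticipantAttributeNamesDropdown",  # #15672 stored XSS
    ],
}


def make_canary(token: str = "") -> str:
    """A marker that is harmless to a browser but can only come back *unchanged*
    if the application failed to encode '<' and '>' on output."""
    token = token or secrets.token_hex(4)
    return f"<xss{token}>"


def classify(body: str, canary: str) -> str:
    """How one response body treated the canary.
    'raw'         -> present verbatim: the browser would parse it as a tag (vulnerable)
    'neutralised' -> the token survived but the brackets did not (encoded or stripped)
    'absent'      -> the parameter is not reflected in this response at all
    Only the HTML-body context is covered; attribute and script contexts need
    their own canaries (a bare '"' or '</script>' respectively)."""
    token = canary[1:-1]  # strip the surrounding '<' and '>'
    if canary in body:
        return "raw"
    if token in body:
        return "neutralised"
    return "absent"


def encode_request(params: dict) -> str:
    """Form-encode a request body; this is why the tracker records
    Quota[name] as Quota%5Bname%5D."""
    return urlencode(params)


# --- Constructed stand-ins for the bug class (hypothetical, not vendor templates) ---
def render_vulnerable(field_value: str) -> str:
    """Stored field echoed straight into admin-page HTML: the pattern fixed in 2.2.14 / 3.21.2."""
    return f"<td class='title'>{field_value}</td>"


def render_fixed(field_value: str) -> str:
    """Same page with HTML-context output encoding. PHP equivalent:
    htmlspecialchars($value, ENT_QUOTES, 'UTF-8')."""
    return f"<td class='title'>{html.escape(field_value, quote=True)}</td>"


def verify(renderer, product: str) -> dict:
    """Submit a fresh canary per parameter, render, and classify each result."""
    results = {}
    for param in PARAMS[product]:
        canary = make_canary()
        results[param] = classify(renderer(canary), canary)
    return results


if __name__ == "__main__":
    for product in PARAMS:
        print(product, "before fix:", verify(render_vulnerable, product))
        print(product, "after fix: ", verify(render_fixed, product))
    print(encode_request({"Quota[name]": make_canary("deadbeef")}))
```

Because the canary carries a random token, a stored parameter can be re-tested after each upgrade without earlier markers in the database producing false positives; anything classified `raw` on a patched install is a regression worth reporting to the tracker.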

Steps you should take to secure your CMS applications from hacking

Here is a list of steps to prevent and contain attacks against your CMS:

  • Keep installed scripts and CMS platforms up to date. Create a regular schedule to update or patch the CMS and every installed plugin and theme, and confirm that all components are current; a weekly check is a sensible minimum.
  • Back up the CMS and its underlying database regularly, and confirm that the backups actually restore.
  • Subscribe to a regularly updated vulnerability list for the specific CMS in use.
  • Avoid default usernames (e.g. ‘admin’) and enforce a strong password policy for the CMS admin area and the server, to protect them from brute-force attacks.
  • Use a plugin for strong authentication, or two-factor authentication (2FA), for an additional layer of protection.
  • Add a Web Application Firewall (WAF) as a further layer. A WAF applies a set of rules to an HTTP conversation; the rules generally cover common attack patterns such as cross-site scripting (XSS) and SQL injection. WAFs come as appliances, server plugins, or filters and can be tuned to an application, but they only block patterns they recognise and do not replace fixing or patching the underlying flaw. Security plugins that report known weaknesses in the platform and block hacking attempts serve a similar purpose, with the same limitation.
  • More training and resources are available in the Edgescan blog post ‘Secure Application Development Training Material’.
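The first step, staying patched, is the one the two advisories above make concrete: an install is exposed until it reaches CMS Made Simple 2.2.14 or LimeSurvey 3.21.2. The script below is an added example, not Edgescan’s or either vendor’s code, that reads the installed version out of each product’s version file and compares it with those minimums. The file paths and the PHP assignments it searches for (`version.php` with `$CMS_VERSION` for CMS Made Simple, `application/config/version.php` with `$config['versionnumber']` for LimeSurvey) are assumptions about a stock install and should be adjusted if your layout differs; the sample file contents are constructed so the script runs offline.

```python
"""Patch-status check against the fixed versions named in this article.
Added example; version-file locations and variable names are assumptions."""
import os
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Lowest releases that carry the fixes described above.
MIN_FIXED: Dict[str, Version] = {
    "CMS Made Simple": (2, 2, 14),
    "LimeSurvey": (3, 21, 2),
}

# Assumption: path relative to the install root, and the PHP assignment holding
# the version string, for a stock install of each product.
VERSION_SOURCES: Dict[str, Tuple[str, str]] = {
    "CMS Made Simple": ("version.php",
                        r"\$CMS_VERSION\s*=\s*['\"]([0-9][0-9.]*)['\"]"),
    "LimeSurvey": ("application/config/version.php",
                   r"\$config\['versionnumber'\]\s*=\s*['\"]([0-9][0-9.]*)['\"]"),
}


def parse_version(text: str) -> Version:
    """'2.2.13' -> (2, 2, 13). Tuples compare element-wise, so 2.2.9 < 2.2.14
    even though the strings would sort the other way."""
    return tuple(int(part) for part in text.strip().split("."))


def extract_version(product: str, file_text: str) -> Optional[Version]:
    """Pull the version out of the product's version file; None if the pattern is absent."""
    match = re.search(VERSION_SOURCES[product][1], file_text)
    return parse_version(match.group(1)) if match else None


def is_patched(product: str, installed: Version) -> bool:
    return installed >= MIN_FIXED[product]


def audit(product: str, file_text: str) -> Dict[str, object]:
    """Report installed vs. minimum fixed version for one product.
    An unreadable version is reported as unpatched rather than assumed safe."""
    installed = extract_version(product, file_text)
    return {
        "product": product,
        "installed": installed,
        "minimum": MIN_FIXED[product],
        "patched": installed is not None and is_patched(product, installed),
    }


def audit_install(product: str, root: str) -> Dict[str, object]:
    """Same check against a real install: reads the version file under `root`."""
    path = os.path.join(root, VERSION_SOURCES[product][0])
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit(product, fh.read())


# Constructed sample file contents (not copied from either project): one install
# still on the vulnerable CMS Made Simple release, one LimeSurvey already fixed.
SAMPLE_FILES = {
    "CMS Made Simple": "<?php\n$CMS_VERSION = '2.2.13';\n$CMS_VERSION_NAME = 'sample';\n",
    "LimeSurvey": "<?php\n$config['versionnumber'] = \"3.21.2\";\n",
}

if __name__ == "__main__":
    for product, text in SAMPLE_FILES.items():
        print(audit(product, text))
```

Run `audit_install("CMS Made Simple", "/var/www/cmsms")` (path is illustrative) from a cron job alongside the weekly update check, and treat any result with `"patched": False`, including a version file that could not be parsed, as a finding rather than silently skipping it.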


“Cross Site Scripting (XSS) was discovered in 1999 and is massively prevalent across web applications today. Cross site scripting flaws are the most prevalent flaw in web applications today. Over 12% of vulnerabilities across the fullstack were attributed to XSS in the Edgescan 2020 Vulnerability Stats Report.”


