ferretCMS– Multiple Cross-Site Scripting Vulnerability

# 
# ferretCMS– Multiple Cross-Site Scripting Vulnerability
## Information

Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 2.0.2-alpha
Vendor Homepage:https://github.com/JRogaishio/ferretCMS
CVE-ID : 
Severity : Medium
Author – Sachin Wagh (@tiger_tigerboy)
## Description 

ferretCMS is prone to Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code 
in the browser of an unsuspecting user in the context of the affected site.
## Proof of Concept URL 

http://localhost/ferretCMS-master/admin.php

Parameter :

1.Username

http://localhost/ferretCMS-master/admin.php?type=customkey&action=insert&p=

Parameter :

1.key
2.value

http://localhost/ferretCMS-master/admin.php?type=template&action=insert&p=

Parameter :

1.path
2.file
3.title

Please find attached POC.
## Advisory Timeline

02-Jan-2016-Reported
## Credits & Authors

Sachin Wagh (@tiger_tigerboy)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ferretCMS– Multiple Cross-Site Scripting Vulnerability #67

ferretCMS– Multiple Cross-Site Scripting Vulnerability

Information

Description

Proof of Concept URL

Advisory Timeline

Credits & Authors

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

ferretCMS– Multiple Cross-Site Scripting Vulnerability #67

Description

ferretCMS– Multiple Cross-Site Scripting Vulnerability

Information

Description

Proof of Concept URL

Advisory Timeline

Credits & Authors

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions