CVE-2015-1475 - My Little Forum Multiple XSS Web Security Vulnerabilities

CVE-2015-1475  - My Little Forum Multiple XSS Web Security Vulnerabilities

Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities

Vendor: My Little Forum

Product: My Little Forum

Vulnerable Versions: 2.3.3  2.2  1.7

Tested Version: 2.3.3  2.2  1.7

Advisory Publication: February 04, 2015

Latest Update: February 11, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2015-1475

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Credit: Jing Wang [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)

Caution Details:

(1) Vendor & Product Description

Vendor:

My Little Forum

Product & Version:

My Little Forum

2.3.3

2.2

1.7

Vendor URL & Download:

http://mylittleforum.net/

Product Description:

“my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.

Features

Usenet like threaded tree structure of the messages

Different views of the threads possible (classical, table, folded)

Categories and tags

BB codes and smilies

Image upload

Avatars

RSS Feeds

Template engine (Smarty)

Different methods of spam protection (can be combined: graphical/mathematical CAPTCHA, wordfilter, IP filter, Akismet, Bad-Behavior)

Localization: language files, time zone and UTF-8 support (see current version for already available languages)”

(2) Vulnerability Details:

My Little Forum  web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several similar products vulnerabilities have been found by some other bug hunter researchers before. My Little Forum has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation's most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.

(2.1) The first programming code flaw occurs at "forum.php?" page with "&page", "&category" parameters.

(2.2) The second programming code flaw occurs at "board_entry.php?" page with "&page", "&order" parameters.

(2.3) The third programming code flaw occurs at  "forum_entry.php" page with "&order", "&page" parameters.

References:

http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-

http://securityrelated.blogspot.com/2015/02/my-little-forum-multiple-xss-security.html

http://seclists.org/fulldisclosure/2015/Feb/15

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1553

http://packetstormsecurity.com/files/authors/11270

http://marc.info/?a=139222176300014&r=1&w=4

http://lists.openwall.net/full-disclosure/2015/02/03/2

http://essaybeans.blogspot.com/2015/05/cve-2015-1475-my-little-forum-multiple.html

https://infoswift.wordpress.com/2015/05/12/cve-2015-1475-my-little-forum

https://twitter.com/tetraphibious/status/597971919892185088

http://japanbroad.blogspot.jp/2015/05/cve-2015-1475-my-little-forum-multiple.html

https://www.facebook.com/tetraph/posts/1649600031926623

http://user.qzone.qq.com/2519094351/blog/1431403836

CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Security Vulnerability Weakness

CVE-2014-7291  Springshare LibCal XSS (Cross-Site Scripting) Security Vulnerability Weakness

Exploit Title: Springshare LibCal Multiple XSS (Cross-Site Scripting) Security Weakness
Product: LibCal
Vendor: Springshare
Vulnerable Versions: 2.0
Tested Version: 2.0
Advisory Publication: Nov 25, 2014
Latest Update: Nov 25, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7291
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Solution Status: Fixed by Vendor
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]








Recommendation Details:


(1) Vendor & Product Description:


Vendor:
Springshare


Product & Vulnerable Versions:
LibCal
2.0

Vendor URL & download:

http://springshare.com/libcal/ 


Product Introduction Overview:
“LibCal is an easy to use calendaring and event management platform for libraries. Used by 1,600+ libraries worldwide, LibCal makes it a breeze to manage online calendar of events, offer room bookings online, manage the opening hours for various locations."

    "Manage Calendar & Event Registrations
    Create custom Registration Forms
    Manage Consultation Appointments"
    Create an Online Room Booking System
    Display Library & Departmental Hours
    Share Calendar/Event Info via Widgets"





(2) Vulnerability Details:
Springshare LibCal web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several Springshare LibCal products vulnerabilities have been found by some other bug hunter researchers before. Springshare LibCal has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation's most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to Springshare LibCal vulnerabilities.


(2.1) The first code programming flaw  occur at “/api_events.php?” page, with “&m” and “&cid” parameters.







(3) Solutions:
2014-10-01: Report vulnerability to Vendor
2014-10-15: Vendor replied with thanks and vendor changed the source code

References:

https://cxsecurity.com/issue/WLB-2014120002

http://tetraph.com/security/cves/cve-2014-7291-springshare-libcal-xss-cross-site-scripting-vulnerability/

http://seclists.org/fulldisclosure/2014/Nov/90

http://packetstormsecurity.com/files/129289/Springshare-LibCal-2.0-Cross-Site-Scripting.html

http://www.securityfocus.com/bid/71319

http://www.scap.org.cn/CVE-2014-7291.html

http://whitehatpost.blog.163.com/blog/static/2422320542014112982712/#

http://www.cnnvd.org.cn/vulnerability/show/cv_id/2014110532

http://blog.livedoor.jp/dvw_j/archives/42129940.html

http://www.cnvd.org.cn/flaw/show/CNVD-2014-08568

http://marc.info/?l=full-disclosure&m=141705590727919&w=4

http://www.inzeed.com/kaleidoscope/cves/cve-2014-7291-springshare-libcal-xss-cross-site-scripting-security-vulnerability/

http://japanbroad.blogspot.com/2015/03/cve-2014-7291-springshare-libcal-xss.html