redaxscript 2.5.0: XSS
Date: 2015-12-02 10:49:21
| Affected Product: | redaxscript 2.5.0 |
| Fixed Version Link: | http://redaxscript.com/files/releases/redaxscript_2.6.1_full.zip |
| Reported to vendor: | 10/02/2015 |
| Disclosed to public: | 12/02/2015 |
| Release mode: | Coordinated release |
| Credits: | Tim Coen of curesec GmbH |
Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
There is a persistent XSS vulnerability when leaving comments. It requires the admin to hover over a link to trigger the injected code.
The issue has been partially fixed in version 2.6.0. However, it was still possible to inject a style attribute, making XSS in older browsers possible. This has been fixed in version 2.6.1.
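The gap left by the partial fix is the difference between removing known-bad attributes and keeping only known-good ones. The following Python example is added here to show that difference; it is not redaxscript's code and not part of the original advisory. The tag policy, function names and sample comment are assumptions constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed comment-markup policy: tag -> attributes that may be kept.
ALLOWED = {"a": {"href"}, "b": set(), "i": set(), "em": set(),
           "strong": set(), "p": set(), "br": set()}
SAFE_URL = re.compile(r"^(https?://|mailto:|/|#)", re.I)

# Constructed sample comment: an event handler and a style attribute on a link.
SAMPLE = '<a href="http://example.com/" onmouseover="x()" style="color:red">site</a>'

def blocklist_filter(html):
    """Weak: strips only on* handlers, so style= (and anything unlisted) survives."""
    return re.sub(r"""\son\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""", "", html, flags=re.I)

class AllowlistSanitizer(HTMLParser):
    """Rebuilds the markup from parsed events, keeping only allowlisted parts."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown tag dropped; its text is still emitted, escaped
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED[tag]:
                continue  # drops on*, style and every other unlisted attribute
            if name == "href" and not SAFE_URL.match(value):
                continue  # drops javascript:, data: and other schemes
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_comment(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":
    print(blocklist_filter(SAMPLE))   # style attribute still present
    print(sanitize_comment(SAMPLE))   # only href remains
```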
3. Proof of Concept
To mitigate this issue, please upgrade to at least version 2.6.1:
Please note that a newer version might already be available.
5. Report Timeline
| 10/02/2015 | Informed Vendor about Issue |
| 11/15/2015 | Vendor releases partial fix |
| 11/24/2015 | Informed vendor that fix is incomplete |
| 11/25/2015 | Vendor releases fix |
| 12/02/2015 | Disclosed to public |