KindEditor version 4.1.2 suffers from a cross site scripting vulnerability.
d200f0debb0858f080de57b04eec8d8220a0d2c68dcbce9408afd9284a013239
KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability
Vendor: Shanghai Hao Yue Software Co., Ltd.
Product web page: http://www.kindeditor.net
Affected version: 4.1.2 and 4.0.6
Summary: KindEditor online HTML editor is a set of open source, mainly for
users on the site to get WYSIWYG editing effects, developers can replace the
traditional multi-line text input box (textarea) KindEditor rich visualization
text input box.
Desc: KindEditor is prone to a reflected cross-site scripting vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied
input to the 'name' parameter thru the 'index.php' script. Attackers can exploit this
weakness to execute arbitrary HTML and script code in a user's browser session.
--------------------------------- snip ---------------------------------
/index.php:
----------
Line 14: editor = K.create('textarea[name="<?php echo $name; ?>"]', {
--------------------------------- snip ---------------------------------
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2012-5100
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5100.php
21.08.2012
---
http://localhost/kindeditor/index.php?name=<pre><script>alert('XSS');</script>by ZSL!</pre>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed