Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities

IT Computer & Web Information Technology

Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Comsenz SupeSite CMS Reflected XSS Security Vulnerabilities

Product: SupeSite CMS (Content Management System)

Vendor: Comsenz

Vulnerable Versions: 6.0.1UC 7.0

Tested Version: 7.0

Advisory Publication: Feb 25, 2015

Latest Update: Feb 25, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:

Vendor: Comsenz

Product & Version:

SupeSite6.0.1UC

SupeSite7.0

Vendor URL & Download:

SupeSite can be downloaded from here,

http://www.comsenz.com/products/other/supesite

http://www.comsenz.com/downloads/install/supesite#down_open

Source code:

http://www.8tiny.com/source/supesite/nav.html?index.html

Product Introduction:

“SupeSite is an independent content management (CMS) function, and integrates Web2.0 community personal portal system X-Space, has a strong aggregation of community portal systems. SupeSite station can be achieved within the forum (Discuz!), personal space (X-Space) information content aggregation. Any webmaster , are available through SupeSite, easy to build a community portal for Web2.0.”

“Features include: information management, information…

View original post 87 more words

Advertisements

About essaybeans

Getting realistic and idealistic at the same time.
This entry was posted in Computer & Web Technology, IT Technology and tagged , , , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s