Comsenz SupeSite CMS Stored XSS (Cross-site Scripting) Security Vulnerabilities

computer pitch


Comsenz SupeSite CMS 7.0 Stored XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities

Product: Supesite CMS (Content Management System)

Vendor: ComSenz

Vulnerable Versions: 6.0.1UC 7.0

Tested Version: 7.0

Advisory Publication: April 15, 2015

Latest Update: April 15, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discover and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Proposition Details:

(1) Vendor & Product Description:



Product & Vulnerable Versions:

SupeSite 6.0.1UC

SupeSite 7.0

Vendor URL & Download:

SupeSite can be brought from here,

Source code:

Product Introduction Overview:

“SupeSite is an independent content management (CMS) function, and integrates Web2.0 community personal portal system X-Space, has a strong aggregation of community portal systems. SupeSite station can be achieved within the forum…

View original post 297 more words

About essaybeans

Getting realistic and idealistic at the same time.
This entry was posted in Computer & Web Technology and tagged , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s