Edgescan Senior Security Consultant Guram Javakhishvili is making an impact in the cybersecurity field as a researcher, aka hacker, discovering vulnerabilities across a number of popular applications. Some of these are not yet public; as soon as the vendor implements a fix, those issues will be added to this list and the blog post updated accordingly.
This blog post covers vulnerabilities found in CMS Made Simple and LimeSurvey which have already been made public. They were discovered while validating alerts as part of Edgescan’s human intelligence verification. Such discoveries are shared with clients so they can evaluate and mitigate the risks, and the vendor is notified so they can resolve the issues and improve the overall security of the application.
CMS Made Simple is a Content Management System that was first released in July 2004 as an open source General Public License (GPL) package. It is currently used in both commercial and personal projects. It’s built using PHP and the Smarty Engine, which keeps content, functionality, and templates separated.
Guram discovered five vulnerabilities in CMS Made Simple 2.2.13. Three are resolved in the latest update, 2.2.14, and two are outstanding.
Issue: Insufficient validation of user input on the authenticated part of the CMS Made Simple web application exposes it to a reflected cross-site scripting (XSS) vulnerability. Potentially dangerous input from the user is accepted by the application and embedded back, unencoded, in the HTML response returned by the web server.
Vulnerable parameter: m1_newdirname
Severity: Minor
Resolution: Fixed in 2.2.14
Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12224
Issue: Insufficient validation of user input on the authenticated part of the CMS Made Simple web application exposes it to a reflected cross-site scripting (XSS) vulnerability. Potentially dangerous input from the user is accepted by the application and embedded back, unencoded, in the HTML response returned by the web server.
Vulnerable parameter: m1_name
Severity: Minor
Resolution: Fixed in 2.2.14
Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12225
Issue: Insufficient validation of user input on the authenticated part of the CMS Made Simple web application exposes it to persistent cross-site scripting (XSS) vulnerabilities. Potentially dangerous input from the user is accepted by the application, stored, and embedded back, unencoded, in the HTML response returned by the web server. When the content is later viewed, e.g. by an administrative user, the injected JavaScript executes in that user’s browser.
Vulnerable parameters: metadata, pagedata
Severity: Critical
Resolution: Fixed in 2.2.14
Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12226
Issue: Potentially dangerous input from the user is accepted by the application, stored, and embedded back, unencoded, in the HTML response returned by the web server. When the User or User Preferences page is viewed, e.g. by an administrative user, the injected JavaScript executes in that user’s browser.
Vulnerable parameter: date_format_string
Severity: Minor
Resolution: Fixed in 2.2.14
Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12227
Issue: Potentially dangerous input from the user is accepted by the application, stored, and embedded back, unencoded, in the HTML response returned by the web server. When the News item is viewed, e.g. by an administrative user, the injected JavaScript executes in that user’s browser.
Vulnerable parameter: m1_title
Severity: Critical
Resolution: Fixed in 2.2.14
Detailed description of this bug: http://dev.cmsmadesimple.org/bug/view/12228
LimeSurvey is a free and open source online statistical survey web application written in PHP. Running on a web server, it lets users develop and publish online surveys through a web interface, collect responses, produce statistics, and export the resulting data to other applications.
Guram discovered three vulnerabilities in LimeSurvey 3.21.1, which have been fixed in the latest version, 3.21.2.
Issue: LimeSurvey latest version 3.21.1 and LimeSurvey development version 4.0.0 suffer from reflected and persistent (stored) cross-site scripting and HTML injection vulnerabilities.
Insufficient validation of user input on the authenticated part of the LimeSurvey application exposes it to persistent cross-site scripting (XSS) vulnerabilities.
Potentially dangerous input from the user is accepted by the application and embedded back, unencoded, in the HTML response returned by the web server.
Vulnerable parameters: firstname, lastname
Resolution: Fixed in 3.21.2
Detailed description of this bug: https://bugs.limesurvey.org/view.php?id=15680
Issue: Insufficient validation of user input on the authenticated part of the LimeSurvey application exposes it to persistent cross-site scripting (XSS) vulnerabilities.
Potentially dangerous input from the user is accepted by the application and embedded back, unencoded, in the HTML response returned by the web server.
Vulnerable parameter: Quota%5Bname%5D (the URL-encoded form of Quota[name])
Resolution: Fixed in 3.21.2
Detailed description of this bug: https://bugs.limesurvey.org/view.php?id=15681
Issue: Insufficient validation of user input on the authenticated part of the LimeSurvey application exposes it to persistent cross-site scripting (XSS) vulnerabilities.
Potentially dangerous input from the user is accepted by the application and embedded back, unencoded, in the HTML response returned by the web server.
Vulnerable parameter: ParticipantAttributeNamesDropdown
Resolution: Fixed in 3.21.2
Detailed description of this bug: https://bugs.limesurvey.org/view.php?id=15672
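Until the fixes above are deployed, a defender can at least watch for the named parameters carrying markup. The following is an added example, not code from Edgescan, CMS Made Simple or LimeSurvey: it takes the parameter names from both advisory lists, decodes query strings from constructed Apache-style access log lines (the request paths are placeholders, not the real admin URLs), and flags any watched parameter whose decoded value contains HTML or script markup.

```python
import re
from urllib.parse import urlparse, parse_qs

# Parameters named in the CMS Made Simple and LimeSurvey advisories above, keyed to
# the tracker id the post links to. Quota%5Bname%5D decodes to Quota[name].
WATCHED_PARAMS = {
    "m1_newdirname": "cmsms-12224",
    "m1_name": "cmsms-12225",
    "metadata": "cmsms-12226",
    "pagedata": "cmsms-12226",
    "date_format_string": "cmsms-12227",
    "m1_title": "cmsms-12228",
    "firstname": "limesurvey-15680",
    "lastname": "limesurvey-15680",
    "Quota[name]": "limesurvey-15681",
    "ParticipantAttributeNamesDropdown": "limesurvey-15672",
}
# Markup that has no business in a directory name, page title or person name.
MARKUP = re.compile(r"<|>|javascript:|\bon\w+\s*=", re.IGNORECASE)
# Apache combined-format request line: client, timestamp, method, target, status.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines with placeholder paths (not real traffic or real URLs).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2020:10:00:01 +0000] "GET /cms/admin?m1_newdirname=reports HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2020:10:00:02 +0000] "GET /cms/admin?m1_newdirname=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
10.0.0.9 - - [01/Mar/2020:10:00:03 +0000] "GET /survey/admin?Quota%5Bname%5D=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 900
10.0.0.9 - - [01/Mar/2020:10:00:04 +0000] "GET /survey/admin?firstname=Alice HTTP/1.1" 200 300
"""

def suspicious_requests(log_text):
    """Return (client, method, param, bug_id, decoded_value) for each watched
    parameter whose decoded value carries markup. Only query strings are visible
    in access logs; POST bodies (the usual path for stored XSS) need app/WAF logs."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, _ts, method, target, _status = m.groups()
        query = parse_qs(urlparse(target).query, keep_blank_values=True)
        for name, values in query.items():
            bug = WATCHED_PARAMS.get(name)
            if bug is None:
                continue
            for value in values:
                if MARKUP.search(value):
                    hits.append((client, method, name, bug, value))
    return hits
```

A hit on a fixed parameter after upgrading to 2.2.14 or 3.21.2 is a probe worth noting; a hit before upgrading is a reason to review what that account stored.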
“Cross Site Scripting (XSS) was discovered in 1999 and is massively prevalent across web applications today. Cross site scripting flaws are the most prevalent flaw in web applications today. Over 12% of vulnerabilities across the fullstack were attributed to XSS in the Edgescan 2020 Vulnerability Stats Report.
At Edgescan, we’re proud of the part we play in identifying vulnerabilities in web apps, alerting vendors and supporting them in making their products as secure as possible,” said Eoin Keary, CEO, Edgescan.
Guram Javakhishvili
Senior Information Security Consultant
Edgescan
Marketing Executive of Edgescan