Metamorfosec Security Advisory METS-2019-001
Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5
FIRST PUBLISHED:
February 16, 2019
VERSION:
1.0
VENDOR:
VegaDesign.net
PRODUCT:
ProfileDesign CMS
VERSION AFFECTED:
6.0.2.5 (prior versions may also be affected)
CVE-ID:
CVE-2019-7409
PRODUCT DESCRIPTION:
(from official website: https://www.vegadesign.net/?side=omsystemet)
ProfileDesign CMS is a web based Content Management System that helps you to update content on your website. All you need is a computer connected to the internet. Everything is done via the browser, wherever you are in the world. The solution is currently only available in Norwegian and English, but will eventually come in both Swedish and Danish. The solution is modular and allows you to easily decide what features you want.
FINDING:
Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) gbs, (3) side, (4) id, (5) imgid, (6) cat, or (7) orderby parameter.
PROOF OF CONCEPT:
[DOMAIN_NAME]?side=&page=">
[DOMAIN_NAME]?side=&gbs=">
[DOMAIN_NAME]?side=">
[DOMAIN_NAME]?side=&id=">
[DOMAIN_NAME]?side=&imgid=">&cat=&orderby=
[DOMAIN_NAME]?side=&imgid=&cat=">&orderby=
[DOMAIN_NAME]?side=&imgid=&cat=&orderby=">
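The advisory does not include ProfileDesign's source, so the following is an added Python example, not the CMS's code, that models the flaw class behind the seven reflected parameters: each query value is copied into an HTML attribute, once without encoding (the flawed pattern) and once with attribute encoding (the fix). A small checker then parses the rendered markup the way a browser would and reports whether the reflected value stayed inside its attribute. The `<input type="hidden">` template, the function names and the sample query strings (built in the shape of the PoC URLs above) are all constructed for this example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# The seven query parameters the finding names as reflected into the page.
REFLECTED_PARAMS = ("page", "gbs", "side", "id", "imgid", "cat", "orderby")

# Constructed request query strings in the shape of the advisory's PoC URLs.
SAMPLE_QUERIES = [
    'side=&page=">',
    'side=&gbs=">',
    'side=">',
    'side=&imgid=">&cat=&orderby=',
]


def _values(query_string: str) -> dict:
    """Extract the seven reflected parameters (blank if absent)."""
    params = parse_qs(query_string, keep_blank_values=True)
    return {name: params.get(name, [""])[0] for name in REFLECTED_PARAMS}


def render_vulnerable(query_string: str) -> str:
    """Hypothetical flawed template: each value is copied verbatim into a
    quoted attribute, so a '"' in the input terminates the attribute early
    and whatever follows becomes markup."""
    return "\n".join(
        f'<input type="hidden" name="{name}" value="{value}">'
        for name, value in _values(query_string).items()
    )


def render_hardened(query_string: str) -> str:
    """Same template with HTML attribute encoding: quote=True also turns '"'
    into &quot;, so the attribute context cannot be escaped."""
    return "\n".join(
        f'<input type="hidden" name="{name}" value="{html.escape(value, quote=True)}">'
        for name, value in _values(query_string).items()
    )


class _AttrCollector(HTMLParser):
    """Records the decoded value= of every <input> the parser sees, which is
    what a browser would actually act on (entities are decoded here)."""

    def __init__(self) -> None:
        super().__init__()
        self.values = {}
        self.tag_count = 0

    def handle_starttag(self, tag, attrs):
        self.tag_count += 1
        if tag == "input":
            d = dict(attrs)
            self.values[d.get("name")] = d.get("value")


def reflection_is_safe(query_string: str, renderer) -> bool:
    """True if the rendered markup holds exactly the seven intended <input>
    tags and each decoded value equals the raw parameter, i.e. the input did
    not alter the document structure. Used here as a regression check."""
    expected = _values(query_string)
    parser = _AttrCollector()
    parser.feed(renderer(query_string))
    return parser.tag_count == len(REFLECTED_PARAMS) and parser.values == expected


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(f"{q!r:35} vulnerable={reflection_is_safe(q, render_vulnerable)} "
              f"hardened={reflection_is_safe(q, render_hardened)}")
```

The check is deliberately structural rather than signature-based: it does not look for any particular payload string, it asks whether the parameter value survived the round trip through the HTML parser unchanged. A benign request such as `side=forside&page=2` passes under both renderers, which is exactly why encoding has to be applied unconditionally at output time rather than triggered by input filtering.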
MITIGATION:
Update to v6.0.2.6 or newer
ADVISORY TIMELINE:
Jan 12, 2019 - First contact with vendor; vendor responded; sent a report with vulnerability details
Jan 13, 2019 - Vendor responded again and will fix the issues as soon as possible; requested a CVE-ID
Feb 6, 2019 - Received a CVE-ID (CVE-2019-7409, still RESERVED) and informed the vendor
Feb 9, 2019 - Vendor responded that the Changelog/Bugfix page on the official website has been updated
Feb 16, 2019 - Published this advisory (v1.0) and requested publication of CVE-2019-7409
REVISION HISTORY:
Version 1.0 (Feb 16, 2019) - First release
REFERENCES:
https://www.vegadesign.net/?side=pdcmd_endringslogg
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7409
DISCLAIMER:
The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on our website.