FlatPress 1.0.2 Cross Site Scripting

FlatPress 1.0.2 Cross Site Scripting

FlatPress 1.0.2 - Cross-site Scripting
Advisory ID: FlatPress 1.0.2 Cross Site Scripting

FlatPress 1.0.2 - Cross-site Scripting
Advisory ID: RO-14-011
Severity: Critical
Vendor: FlatPress
Product: FlatPress
Version: 1.0.2


Overview #

Cross-site Scripting (XSS) vulnerabilities exist in FlatPress version 1.0.2. FlatPress is a blogging engine that saves posts as simple text files.


Vulnerability Details #

Affected Versions: 1.0.2 and earlier

Root Cause: Insufficient input validation in the content parameter allows XSS attacks.
Technical Details #

POST /?x=entry:entry131123-000300 HTTP/1.1

content=</textarea><script>alert(9)</script>



Exploitation Requirements #

Authentication may be required
Victim must view the malicious content

Impact #

Remote attackers can exploit these vulnerabilities to:

Steal user session cookies
Perform actions on behalf of users
Persistently inject malicious content



Solution #

Update to a patched version. See GitHub Issue #14.


References #

Invicti Advisory NS-14-015

Timeline:

[2014-03-04] - First Contact
[2014-03-05] - Vendor Fixed
[2014-04-08] - Advisory Released

Credits: Omar Kurt