impresspages / ImpressPages

ImpressPages is a PHP framework with an admin panel. Build a functional website in one hour.
http://www.impresspages.org

ImpressPages CMS 5.0.3 using easyXDM 2.4.17.1 can be attacked via DOM XSS (CVE-2014-1403) #900

Open shino-337 opened 4 years ago

shino-337 commented 4 years ago

I found that the new version 5.0.3 of ImpressPages CMS uses easyXDM, but it is an old version and has a DOM XSS bug on location.href in the file "/Ip/Internal/Core/assets/js/easyXDM/name.html", line 1450. Information on this vulnerability is here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1403 The commit fixing the bug in easyXDM: https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db

rogboyce commented 4 years ago

Thanks, it's good to be made aware of these things in time so we can do something about it.
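The following added example (not from this thread or from the ImpressPages code base) walks a source tree for vendored easyXDM directories, reads the bundled version, and flags copies at or below the 2.4.17.1 reported in this issue. The `version: "..."` pattern it searches for and the names `find_easyxdm`, `parse_version` and `demo` are assumptions, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Version the issue reports as bundled and affected by CVE-2014-1403.
REPORTED_AFFECTED = "2.4.17.1"
# Assumption: built easyXDM scripts carry a line such as  version: "2.4.17.1"
VERSION_RE = re.compile(r"""version\s*[:=]\s*["'](\d+(?:\.\d+)+)["']""")


def parse_version(text):
    """Turn '2.4.17.1' into (2, 4, 17, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_easyxdm(root):
    """Return one finding per directory under root named 'easyXDM' (any case)."""
    findings = []
    for directory in sorted(p for p in Path(root).rglob("*") if p.is_dir()):
        if directory.name.lower() != "easyxdm":
            continue
        version = None
        for script in sorted(directory.glob("*.js")):
            match = VERSION_RE.search(script.read_text(errors="replace"))
            if match:
                version = match.group(1)
                break
        findings.append({
            "path": directory.relative_to(root).as_posix(),
            "version": version,
            # name.html is the file the issue points at
            "ships_name_html": (directory / "name.html").is_file(),
            # None means the version could not be read and needs a manual look
            "needs_review": None if version is None
            else parse_version(version) <= parse_version(REPORTED_AFFECTED),
        })
    return findings


def demo():
    """Build a constructed tree that mimics the path in the issue, then scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "Ip/Internal/Core/assets/js/easyXDM"
        lib.mkdir(parents=True)
        (lib / "easyXDM.js").write_text('apply(easyXDM, { version: "2.4.17.1" });\n')
        (lib / "name.html").write_text("<!doctype html><title>constructed</title>\n")
        return find_easyxdm(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Copies newer than the reported version come back with `needs_review` set to `False`, which only means they are above the version named in this issue; check them against the CVE entry before treating them as fixed.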