New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Impresspage CMS 5.0.3 using easyXDM 2.4.17.1 can be attack DOM XSS (CVE-2014-1403) #900

Open

shino-337 opened this issue Jun 29, 2020 · 1 comment

shino-337 commented Jun 29, 2020

I found the new version 5.0.3 of Impresspages CMS using easyXDM, but it is the old version and has some DOM XSS bug on location.href in
file "/Ip/Internal/Core/assets/js/easyXDM/name.html" line 1450.
The information of this vulnerability here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1403
The fixed bug commit from easyXDM: oyvindkinsey/easyXDM@a3194d3#diff-6489956f1e1f52236929b4d33cbeb2db

The text was updated successfully, but these errors were encountered:

rogboyce commented Jul 12, 2020

Thanks, it's good to be made aware of these things in time so we can do something about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment