Month: June 2015

LimeSurvey 2.05+: Persistent XSS

  • Vulnerability: Persistent XSS
  • Affected Software: LimeSurvey
  • Affected Version: Version 2.05+ Build 150520 (probably also prior versions)
  • Patched Version: Version 2.06+ Build 150618
  • Risk: Low-Medium
  • Vendor Contacted: 2015-05-27
  • Vendor Fix: 2015-06-18
  • Public Disclosure: 2015-06-27

TinyWebGallery 2.3.2: Reflected XSS

  • Vulnerability: Reflected XSS
  • Affected Software: TinyWebGallery
  • Affected Version: 2.3.2 (probably also prior versions)
  • Patched Version: 2.3.3
  • Risk: Low-Medium
  • Vendor Contacted: 2015-05-26
  • Vendor Fix: 2015-06-15
  • Public Disclosure: 2015-06-27

There is an XSS vulnerability in version 2.3.2 of TinyWebGallery. It is relatively hard to trigger, as it requires a double click by an admin (which can be achieved via clickjacking and social engineering), but once triggered, it leads to code execution because of the provided file edit functionality.

The vulnerability is unlikely to be exploited in the wild because it requires quite a bit of social engineering; I’m publishing it because it is a nice example of how different small vulnerabilities can come together and lead to arbitrary PHP code execution.

Beehive Forum 1.4.5: Multiple XSS and CSRF

  • Vulnerability: Multiple XSS and CSRF
  • Affected Software: Beehive Forum
  • Affected Version: 1.4.5 (probably also prior versions)
  • Patched Version: 1.4.6
  • Risk: Medium
  • Vendor Contacted: 2015-05-18
  • Vendor Fix: 2015-05-30
  • Public Disclosure: 2015-06-05

There are multiple XSS and CSRF vulnerabilities in Beehive Forum 1.4.5. Beehive Forum is open-source forum software based on PHP.