Comsenz SupeSite CMS Stored XSS (Cross-site Scripting) Security Vulnerabilities

computer pitch


Comsenz SupeSite CMS 7.0 Stored XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities

Product: Supesite CMS (Content Management System)

Vendor: ComSenz

Vulnerable Versions: 6.0.1UC 7.0

Tested Version: 7.0

Advisory Publication: April 15, 2015

Latest Update: April 15, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discover and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Proposition Details:

(1) Vendor & Product Description:



Product & Vulnerable Versions:

SupeSite 6.0.1UC

SupeSite 7.0

Vendor URL & Download:

SupeSite can be brought from here,

Source code:

Product Introduction Overview:

“SupeSite is an independent content management (CMS) function, and integrates Web2.0 community personal portal system X-Space, has a strong aggregation of community portal systems. SupeSite station can be achieved within the forum…

View original post 297 more words

This entry was posted in IT Computer & Web and tagged , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s