LivingLogic XIST4C (CMS) before 0.107.8 allows XSS
XIST4C is a content management system developed and distributed by LivingLogic. The software is also known by the name living apps.
Cross-Site Scripting (Reflected)
The security flaw exists because the software does not neutralize user input before placing it in output that is rendered as a web page. This allows crafted links to be created and sent to victims, who then receive the injected content reflected back in the response.
>=0.89.0 and <0.107.8
The following CVEs are assigned for this security flaw:
Sending manipulated request:
Receiving manipulated response:
Variables which can be changed by users must not be trusted in general. Therefore, a validation of the transmitted inputs must always take place. It is recommended to check which escaping methods are used and to extend them if necessary.
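As an added illustration of the recommendation above (this is example code written for this page, not code from XIST4C or LivingLogic), the block below shows the pattern that causes reflected XSS next to a hardened version that escapes the same input for each output context (HTML body, attribute value, URL query component), plus a small check that flags a response in which markup-bearing input reappears unescaped. The page layout, parameter name `q` and the sample input are constructed assumptions.

```python
"""Added example: context-aware escaping of reflected user input.

Not XIST4C code. Uses only the Python standard library so it runs offline.
"""
import html
from urllib.parse import quote


def escape_html_text(value: str) -> str:
    """Escape for HTML element content and for double-quoted attribute values."""
    # quote=True also encodes " and ' so the value cannot break out of an attribute.
    return html.escape(value, quote=True)


def escape_url_component(value: str) -> str:
    """Escape for use inside a URL query component (e.g. ?q=...)."""
    # safe="" percent-encodes '/' as well, so the value stays a single component.
    return quote(value, safe="")


def render_search_page_unsafe(query: str) -> str:
    """The 'before' pattern: input is inserted verbatim into the page (reflected XSS)."""
    return f"<h1>Results for {query}</h1>"


def render_search_page(query: str) -> str:
    """Hardened rendering: every reflection point escapes for its own context."""
    text = escape_html_text(query)          # element content and attribute value
    url_part = escape_url_component(query)  # query-string component
    return (
        f"<h1>Results for {text}</h1>"
        f'<a href="/search?q={url_part}">permalink</a>'
        f'<input name="q" value="{text}">'
    )


def reflected_unescaped(page: str, raw_input: str) -> bool:
    """Check helper: True if input that carries HTML-significant characters
    appears verbatim in the response body, i.e. it was reflected without escaping."""
    special = '<>"\'&'
    carries_markup = any(ch in raw_input for ch in special)
    return carries_markup and raw_input in page


if __name__ == "__main__":
    # Constructed sample input: harmless markup that must not survive unescaped.
    sample = "<b>bold</b>"
    print("unsafe page reflects raw markup:", reflected_unescaped(render_search_page_unsafe(sample), sample))
    print("hardened page reflects raw markup:", reflected_unescaped(render_search_page(sample), sample))
    print(render_search_page(sample))
```

The check in `reflected_unescaped` is the kind of assertion worth keeping in a test suite for every endpoint that echoes a parameter: feed each reflection point an input containing `<`, `"` and `&`, and fail the test if the raw input is found in the response body.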
The vendor assured that the main product is fixed for all customers after being informed about the vulnerability.
| Date | Event |
|---|---|
| 2020-09-13 | Vulnerability found and verified |
| 2020-09-17 | Vendor contacted and informed about the vulnerability |
| 2020-09-17 | Vendor acknowledged the vulnerability and confirmed that a fix for newer versions already exists |
| 2020-09-23 | Further information requested from the vendor to register the CVE |
| 2020-10-05 | Vendor provided further information and assured that the main product is fixed for all clients |
| 2021-01-25 | CVE number requested |
| 2021-02-03 | Demo / documentation created |
| 2021-04-28 | Publication of the vulnerability |