Mara CMS 7.5 - Reflected Cross-Site Scripting

By
Sooraj V Nair
Published on
10 Jan 2022
Vulnerability

Description

Any authenticated user can inject malicious code using the parameter contact.php?theme=inject> resulting in a Reflected XSS vulnerability.

The flaw arises because the parameter hasn’t been properly sanitised, which might result in malicious code being injected and executed on the target’s browser.

Recommendation

  • Update Mara CMS to the latest version

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days