Bedita CMS 3.6.0 – Publication Module Bug Report #8
Proof of concept: (POC)
Figure 1: XSS Payload injected in the given URL http://192.168.56.104/bedita/beditaapp/pages/showObjects/2/0/0/leafs is reflected back in the response
Figure 2: XSS Payload gets executed in the browser
Oct 14, 2015
Hi @cybersecurityworks, a BEdita dev here.
I see you used Burp Suite, so I installed it and I'm trying to figure out how to use it to reproduce the attack. I configured Firefox to work with Burp by setting the proxy, and Burp intercepts every request I make from BEdita. From Burp I edit the POST URL of the intercepted request, appending
Could you please give me more information on how to test the attack?
Good to know. Then, is it possible for BEdita or the BEdita development team to at least give credit for discovering this issue? If possible, please provide credit to:
"Arjun from Cyber Security Works Pvt Ltd ( http://cybersecurityworks.com)"
This will keep our team motivated to keep on working on enhancing security. Thanks
And finally it's here https://github.com/bedita/bedita/releases/tag/v3.7.0