Headless CMS with wysiwyg editor for XML and HTML5, omnichannel, multi-format and multi-platform decoupled publishing as html5, .net, j2ee, php, RoR, XML, json, RDF, epub, mobile apps, ... into the Cloud. Demo: http://demo.ximdex.com
Today, URLs in ximdex include the language and channel for deployment directly after the name of the document (node), generating something like index-iden-idweb.html
These URLs are automatically generated by pathto() and should be modified to conform to different URL types, such as:
no channel there, because it is the extension of the file (option during channel creation to tick if the extension has the identifier, guaranteeing there is only one extension for that type in a server path... channel for printing the document are not relevant anymore due to css, channels in ximdex are more related to technology frameworks -java, php- and usually are deployed in different sites)
language appears as a folder after the project name (root of the web as www/en/index.html and www/es/index.html)
language appears in the filename but could be removed for the main language (so index.html for english and index-ides.html for spanish)
support to cue files to allow the web server to select languages
To avoid Xedit loading all the XSL templates when it is opening an XML document, we propose to create a compiled file with all the XSL templates used in it.
Vulnerability url : http://demo.ximdex.com/xcms/index.php?action=createaccount
Vulnerability parameters:
sname,fname
payload:
fname=x"><script>alert(document.cookie)</script>//&sname=&email=&recaptcha_response_field=manual_challenge&newsletter=&enviar=Register&recaptcha_challenge_field=
fname=x&sname=x"><script>alert(document.cookie)</script>//&email=&recaptcha_response_field=manual_challenge&newsletter=&enviar=Register&recaptcha_challenge_field=
Vulnerability verification:
1, open the problematic page
2, use hackbar to simulate post submission, submit payload
3, the response page will pop up a cookie based on the inserted js code
4, using another question parameter fname, found to produce the same effect.
Repair proposal:
1, limit the input data, do not allow special characters;
2, Do not trust interaction data, filter all tags
A REST API for selected actions (CRUD of some node types) and publish of contents. After it, could be of interest to provide a semantic description of the API.
Ximdex CMS uses its own root XML element to surround every XML file that it handles. This special XML element is called docxap.
For a full translation of the code, it's necessary that the docxap attributes be translated into English. Here is the list of them and their translation candidates:
The idea is to find a tool able to manage external dependencies/bundles/extensions, to explicitly set them in a config file and remove those files from the codebase.
Maybe bundler, maven, gradle or whatever similar is able to do the job.
The vulnerability exists due to insufficient filtration of user-supplied data in the "url" HTTP parameter that will be passed to "ximdex-develop/extensions/csstidy/css_optimiser.php". The infected source code is line 139; there is no protection on $_REQUEST['url'], and if it contains evil js code, line 139 will trigger untrusted code to be executed on the browser side.
So if an attacker constructs a special url as follows and sends it to a victim, when the victim clicks the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/ximdex-develop/extensions/csstidy/css_optimiser.php?url="><script>alert(1);</script><"
The following screenshot is the result of clicking the url above ( win7 sp1 x64 + firefox 51.0.1 32bit ):
Hey there,
I wanted to try this on a virtualbox with port forwarding.
So, the url for accessing ximdex on my host system is: http://localhost:8080/ximdex
But I can't give the port to the install script. If I type it at the appropriate place, I get an error saying the url is incorrect.
But if I specify it without url, it breaks completely.
Nowadays, modules are installed automatically during the Ximdex installation if they are deployed with the core. The installer should download a module and install it.
Enable markdown support on text edition on common files. It would be necessary to add the proper mimetype to the table RelNodeTypeMimetype: text/x-markdown.
Now, this error is strict. The installation process stops. The solution would be to give three options: y to proceed, r to rename the host url and n to abort the installation.
Vulnerability url : http://demo.ximdex.com/xfind/search
Vulnerability parameters:
filter[0][value];filter[1][value];filter[2][value];filter[3][value];filter[4][value];filter[5][value];filter[6][value];filter[7][value];filter[8][value];filter[9][value];filter[10][value];filter[11][value];filter[12][value];
payload:
javascript:alert(3294)
Vulnerability verification:
1, open the problematic page
2, use hackbar to simulate post submission, submit payload
3, the response page will pop up the set contents according to the inserted js code
4, using another question parameters found to produce the same effect.
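The two reflected XSS reports above (the "url" parameter of css_optimiser.php and the filter[n][value] parameters of /xfind/search) both involve request data echoed into the response. The following PHP is an added example, not Ximdex code and not part of either report: it assumes the value is reflected into a quoted HTML attribute and is expected to be an http(s) URL, and the function names html_attr, safe_http_url and render_url_field are hypothetical.

```php
<?php
// Added example, not Ximdex code. All function names are hypothetical.

// Encode a value for an HTML text node or a quoted attribute value.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs. Returns null for anything else:
// javascript:, data:, scheme-relative, malformed, or containing control
// characters or spaces that a browser may strip before reading the scheme.
function safe_http_url(string $value): ?string
{
    if (preg_match('/[\x00-\x20\x7f]/', $value)) {
        return null;
    }
    $parts = parse_url($value);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    return in_array($scheme, ['http', 'https'], true) ? $value : null;
}

// Reflect the "url" request parameter into a form field: validate first,
// then encode at the point of output (assumed context: quoted attribute).
function render_url_field(array $request): string
{
    $raw = isset($request['url']) && is_string($request['url']) ? $request['url'] : '';
    $url = safe_http_url($raw) ?? '';
    return '<input type="text" name="url" value="' . html_attr($url) . '">';
}

// Constructed inputs: the two payload shapes from the reports, plus a
// legitimate URL that still needs encoding because of & and ".
$samples = [
    '"><script>alert(1);</script><"',
    'javascript:alert(3294)',
    'http://example.com/style.css?a=1&b="x"',
];
foreach ($samples as $s) {
    echo 'encoded only : ', html_attr($s), PHP_EOL;
    echo 'rendered     : ', render_url_field(['url' => $s]), PHP_EOL;
}
```

Encoding alone stops the attribute breakout in the first payload, but it leaves javascript:alert(3294) unchanged, which is why a value used as a link target also needs the scheme allowlist.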
Relax the number of nodes that are automatically created (table defaultcontents) when a new node for a nodetype is created, providing a visual selector of optional nodetypes to make them selectable.