CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3

["Hanno Böck" <mail () hboeck de>]

Cross site scripting in toendaCMS 1.5.3

security advisory

References:
 http://www.toendacms.com/
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1872

Description:
 Cross site scripting describes attacks that allow to insert malicious
 html or javascript code via get or post forms. This can be used to steal
 session cookies.
 toendacms is a content management system. The search function can be used
 to inject javascript code.

Workaround/Fix:
 There's no vendor fix.
 Vendor has been contacted 2007-03-11 and replied that they were working on
 the issue.

Sample Code:
 <form action="http://toendainstallation/"; method="post">
 <input type="hidden" name="searchword" value='"><script>alert(1)</script>'>
 <input type="hidden" name="id" value="search">
 <input type="submit"></form>

CVE Information:
 The Common Vulnerabilities and Exposures (CVE) project has assigned the
 name CVE-2007-1872 to this issue. This is a candidate for inclusion in
 the CVE list (http://cve.mitre.org/), which standardizes names for
 security problems.

Credits and copyright:
 This vulnerability was discovered by Hanno Boeck of schokokeks.org
 webhosting.
 It's licensed creative commons attribution:
 http://creativecommons.org/licenses/by/3.0/

 Hanno Boeck, 2007-04-12, http://www.hboeck.de

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/