Cybertrion Systems

[2/5] Tux CMS Multiple Cross-Site Scripting Vulnerabilities

May 8th, 2008 by

Hadi Kiamarsi has discovered some vulnerabilities in Tux CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "q" parameter in index.php and to the "returnURL" parameter in tux-login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerabilities are confirmed in version 0.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hadi Kiamarsi, IRCRASH

Original Advisory:
http://seclists.org/bugtraq/2008/May/0087.html

Original post by manisha
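
One way to apply the advisory's solution, shown as an added example that is not Tux CMS code and not part of the original advisory. Only the script names and the "q" and "returnURL" parameter names come from the advisory; the helper functions, the default path and the way each value is echoed back into the page are assumptions.

```php
<?php
// Added example, not Tux CMS source. Only the script and parameter names
// come from the advisory; how each value is echoed back is assumed.

// Encode a value for an HTML text node or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only a same-site relative path for returnURL. Absolute URLs,
// scheme-bearing URIs and protocol-relative "//host" values fall back to
// a fixed default instead of being reflected.
function safe_return_url($raw, string $default = '/index.php'): string
{
    if (!is_string($raw) || $raw === '') {
        return $default;
    }
    // Reject control characters and backslashes, which browsers may normalise.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $raw)) {
        return $default;
    }
    // Must start with exactly one "/".
    if ($raw[0] !== '/' || (isset($raw[1]) && $raw[1] === '/')) {
        return $default;
    }
    return $raw;
}

// index.php (assumed usage): search term reflected into the results page.
function render_search_heading(array $get): string
{
    $q = isset($get['q']) && is_string($get['q']) ? $get['q'] : '';
    return '<p>Results for: ' . h($q) . '</p>';
}

// tux-login.php (assumed usage): returnURL carried in a hidden form field.
function render_return_field(array $get): string
{
    $url = safe_return_url($get['returnURL'] ?? null);
    return '<input type="hidden" name="returnURL" value="' . h($url) . '">';
}

// Constructed request values containing markup; in the application pass $_GET.
$sample = ['q' => '<b>bold</b> "quoted"', 'returnURL' => '//other.example/x'];
echo render_search_heading($sample), "\n";
echo render_return_field($sample), "\n";
```

Encoding at the point of output covers both parameters; the allow-list on returnURL additionally keeps a value that is later used as a link or redirect target on the same site.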
