vulnwatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3

from [Hanno Böck] [Permanent Link][Original]
To: vulnwatch@vulnwatch.org, full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3
From: "Hanno Böck" <mail@hboeck.de>
Date: Thu, 12 Apr 2007 01:43:09 +0200
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm
User-agent: KMail/1.9.6 
Cross site scripting in toendaCMS 1.5.3

security advisory

References:
 http://www.toendacms.com/
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1872

Description:
 Cross site scripting describes attacks that allow to insert malicious
 html or javascript code via get or post forms. This can be used to steal
 session cookies.
 toendacms is a content management system. The search function can be used
 to inject javascript code.

Workaround/Fix:
 There's no vendor fix.
 Vendor has been contacted 2007-03-11 and replied that they were working on
 the issue.

Sample Code:
 <form action="http://toendainstallation/"; method="post">
 <input type="hidden" name="searchword" value='"><script>alert(1)</script>'>
 <input type="hidden" name="id" value="search">
 <input type="submit"></form>

CVE Information:
 The Common Vulnerabilities and Exposures (CVE) project has assigned the
 name CVE-2007-1872 to this issue. This is a candidate for inclusion in
 the CVE list (http://cve.mitre.org/), which standardizes names for
 security problems.

Credits and copyright:
 This vulnerability was discovered by Hanno Boeck of schokokeks.org
 webhosting.
 It's licensed creative commons attribution:
 http://creativecommons.org/licenses/by/3.0/

 Hanno Boeck, 2007-04-12, http://www.hboeck.de

Attachment: pgpeDqc83NL21.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3, Hanno Böck <=
Previous by Date:  CVE-2007-1871: Cross site scripting in chcounter 3.1.3, Hanno Böck
Next by Date:  Cross site scripting in mephisto 0.7.3, Hanno Böck
Previous by Thread:  CVE-2007-1871: Cross site scripting in chcounter 3.1.3, Hanno Böck
Next by Thread:  Cross site scripting in mephisto 0.7.3, Hanno Böck
Indexes:  [Date] [Thread] [Top] [All Lists]