by r0t, der4444, cembo, VietMafia

Friday, December 23, 2005

Communiqué 4 XSS vuln.

Vuln. discovered by: r0t
Date: 23 Dec. 2005
Vendor: www.day.com/site/en/index.html
Affected version: 4 and prior

Product Description:

Communiqué 4 is the first native JCR (JSR 170) standard compliant enterprise content management solution available on the market today. Communiqué 4 revolutionizes content management by decoupling the content management application from the underlying repository.
Communiqué 4 offers a comprehensive range of fully integrated content solutions that enables leading companies to address all of their global content challenges with one highly scalable, reliable platform.

Vuln. Description:

Input passed to the "query" parameter when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


Solution:
Edit the source code to ensure that input is properly sanitised.

2 Comments:

Anonymous Anasazi666 told...

Has Day software proposed a fix as yet?

7:25 PM

Anonymous David Nuescheler told...

This is by no means a product issue since the executed jsp-template needs to sanitize the input.

A single line of code escaping tags should do the trick.

regards,
david

7:24 AM

Copyright (c) 2006 Pridels Sec Crew