by r0t,der4444,cembo,VietMafia

Sunday, December 18, 2005

Libertas Enterprise CMS XSS vuln.

Libertas Enterprise CMS XSS vuln.

Vuln. discovered by : r0t
Date: 18 dec. 2005
vendor:http://www.libertas-solutions.com/
affected version:3.0 and prior

Product Description:

Libertas Enterprise Content Management Server is used by larger organisations and government departments. Standards compliance is core to this CMS product with Dublin Core, eGifs, eForms, UK Government Access Keys and support for numerous XML standards. The system's n-tier architecture is highly scalable ensuring maximum availability. The interface is exceptionally easy to use, requiring limited training for staff already familiar with popular word processing applications. Like all Libertas Solutions suite of CMS products, creating accessible websites is fundamental with tools to ensure WAI / section 508 compliant sites.


Vuln. Description:

Libertas Enterprise CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "page_search" paramter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

example:

/search/index.php?advanced=0&associa
ted_list=&page=1&search=0&page_search=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew