by r0t,der4444,cembo,VietMafia

Sunday, December 18, 2005

Lighthouse CMS XSS vuln.

Lighthouse CMS XSS vuln.

Vuln. discovered by : r0t
Date: 18 dec. 2005
vendor:http://www.lighthouse-cms.de/en/
affected version:1.1.0 and prior


Product Description:

Lighthouse is a modern, user friendly, high performance Content Management System. Lighthouse lets you create and manage web applications intuitively.
Lighthouse allows you easy access and effective management of your web presence. Lighthouse enables you to put Enterprise Content Management to use for your business. With its modular structure, it offers you exactly the features you need, saving you time and money.
Lighthouse is at home on all major platforms and can be used with a wide range of databases.

Vuln. Description:

Lighthouse contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to the "search" paremter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


/?search=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew