by r0t,der4444,cembo,VietMafia

Wednesday, December 21, 2005

RAMSite R|1 CMS XSS vuln.

Vuln. discovered by: r0t
Date: 21 Dec. 2005
Vendor: http://ramsiter1.imikalsen.com/
Affected version: 1.0 and prior

Product Description:

The RAMSite R|1 CMS is an advanced, yet easy to use and lightweight, complete web-publishing solution. It is filled with useful and interesting features, and is built upon an architecture specifically designed to allow impressive development cycles for additional modules.

Vuln. Description:

RAMSite R|1 CMS contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the search module parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution:
Edit the source code to ensure that input is properly sanitised.
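
One way to apply this fix, shown as an added example (not code from this advisory or from RAMSite, whose source is not shown here): a hypothetical search-results renderer in Python, before and after output encoding, with a check that can serve as a regression test. The function names, the `q` parameter, the length limit and the sample input are constructed for illustration.

```python
import html
from urllib.parse import quote

# Constructed sample input: harmless markup plus quote and ampersand characters.
SAMPLE = '<i>news</i> "quoted" & more'


def render_search_unsafe(query: str) -> str:
    """'Before': the search term is returned to the browser verbatim."""
    return f"<h2>Results for {query}</h2>"


def render_search_safe(query: str, max_len: int = 100) -> str:
    """'After': bound the input, then encode it for each output context."""
    query = query[:max_len]
    # HTML text and quoted-attribute context: escape < > & " '
    as_html = html.escape(query, quote=True)
    # URL query-component context: percent-encode everything reserved
    as_url = quote(query, safe="")
    return (
        f"<h2>Results for {as_html}</h2>"
        f'<input name="q" value="{as_html}">'
        f'<a href="/search?q={as_url}&amp;page=2">Next</a>'
    )


def reflects_markup(page: str, probe: str) -> bool:
    """Regression check: does the page contain the probe unencoded?"""
    return probe in page


if __name__ == "__main__":
    for render in (render_search_unsafe, render_search_safe):
        page = render(SAMPLE)
        print(render.__name__, "reflects raw input:", reflects_markup(page, SAMPLE))
        print(page)
```

The encoding is chosen per output context: the same search term is HTML-escaped where it appears as text or inside a quoted attribute, and percent-encoded where it becomes part of a link.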

2 Comments:

Anonymous Remi Mikalsen told...

Hello. I'm the creator of the RAMSite R|1 CMS. Could you please give an example of code that could be potentially harmful. Thank you!

12:54 PM

 
Anonymous remi mikalsen told...

The problem has been identified. The next system update will resolve the specific problem.

10:34 AM

 


 
Copyright (c) 2006 Pridels Sec Crew