Cross-site Scripting (XSS) Vulnerabilities in Expression CMS

2010-09-22T00:00:00
ID HTB22617
Type htbridge
Reporter High-Tech Bridge
Modified 2010-09-22T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Expression CMS which could be exploited to perform cross-site scripting attacks.

1) Cross-site scripting (XSS) vulnerability in Expression CMS
1.1 The vulnerability exists due to an input sanitization error in the "section_id" parameter in index.php within the "contact us" page. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
Exploitation example:
http://host/?section_id=1002815%27%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E

1.2 The vulnerability exists due to an input sanitization error in the "section_copy_id" parameter in index.php within the "contact us" page. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
Exploitation example:
http://host/?section_copy_id=1005176%27%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E
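
Both parameters carry numeric identifiers in the URLs above, so web server logs can be triaged for requests where either one decodes to anything else. The following is an added example, not part of the original advisory or of Expression CMS; it assumes combined-format access logs and that valid values are plain decimal integers, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The two parameters named in the advisory.
ID_PARAMS = ("section_id", "section_copy_id")
# Assumption: a valid value is a plain decimal integer.
VALID_ID = re.compile(r"[0-9]+")
# Assumption: combined-format access log; capture the request target.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_params(request_target):
    """Return {parameter: decoded value} for ID parameters that are not numeric."""
    query = urlsplit(request_target).query
    hits = {}
    # parse_qs percent-decodes each value, so encoded markup is compared decoded.
    for name, values in parse_qs(query).items():
        if name in ID_PARAMS:
            bad = [v for v in values if not VALID_ID.fullmatch(v)]
            if bad:
                hits[name] = bad[0]
    return hits


def scan(log_lines):
    """Return [(line number, hits)] for log lines with non-numeric ID parameters."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                findings.append((number, hits))
    return findings


# Constructed sample log lines; the two flagged requests reuse the advisory's URLs.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Sep/2010:10:00:00 +0000] "GET /?section_id=1002815 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Sep/2010:10:00:07 +0000] "GET /?section_id=1002815%27%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Sep/2010:10:00:09 +0000] "GET /?section_copy_id=1005176%27%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E HTTP/1.1" 200 5190 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Sep/2010:10:01:30 +0000] "GET /index.php?page=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

A hit shows that a request carried non-numeric data in one of these parameters, not that the page reflected it.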