High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks.
Cross-site scripting (XSS) vulnerabilities in XOOPS: CVE-2011-4565
The vulnerability exists due to an input sanitization error in the “text” parameter of include/formdhtmltextarea_preview.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
<form method="POST" action="http://HOST/include/formdhtmltextarea_preview.php">
<input type="hidden" name="html" value="1">
<input type="hidden" name="text" value="<script>alert(document.cookie)</script>">
<input type="submit">
</form>
Script insertion vulnerability in XOOPS: CVE-2011-4565
Input passed to the “[img]” BBCode tag is not properly sanitized. A remote attacker can insert arbitrary HTML and script code, which will be executed in the user's browser in the context of the vulnerable website when the user clicks on a specially inserted image.
Exploitation example:
[img width=300]http://www.xoops.org/images/logo.png?");alert(document.cookie);//[ /img]
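Mitigation sketch for the “[img]” issue, as an added example that is not XOOPS code or its vendor fix: a BBCode image renderer that allow-lists the URL and writes it only into an escaped src attribute. The function names safe_image_url and render_img_bbcode are hypothetical, and the assumption (from the `");` in the string above and the click requirement) is that the vulnerable renderer places the URL inside script that runs on click.

```php
<?php
// Added illustration, not XOOPS code; function names are hypothetical.

/** Return the URL if it is safe for <img src>, otherwise null. */
function safe_image_url(string $url): ?string
{
    // Stricter than RFC 3986 on purpose: reject whitespace, control characters and
    // anything that can close an attribute or a JavaScript string or call.
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>()`\\\\;]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

function render_img_bbcode(string $text): string
{
    // Escape the whole post first; only markup built below is emitted as HTML.
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = preg_replace_callback(
        '~\[img(?: width=(\d{1,4}))?\](.*?)\[/img\]~is',
        function (array $m): string {
            $url = safe_image_url(htmlspecialchars_decode($m[2], ENT_QUOTES));
            if ($url === null) {
                return $m[0]; // rejected: tag stays as inert, escaped text
            }
            $width = $m[1] !== '' ? ' width="' . (int) $m[1] . '"' : '';
            // The URL is written to src only, never into an event handler.
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
                . '"' . $width . ' alt="">';
        },
        $escaped
    );
    return $html ?? $escaped;
}

// Constructed inputs: a benign tag, then the string from the advisory.
$samples = [
    '[img width=300]http://www.xoops.org/images/logo.png[/img]',
    '[img width=300]http://www.xoops.org/images/logo.png?");alert(document.cookie);//[/img]',
];
foreach ($samples as $s) {
    echo render_img_bbcode($s), PHP_EOL;
}
```

The first sample is rendered as an img element; the second fails the character allow-list and is emitted as HTML-escaped text.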