High-Tech Bridge (htbridge), HTB23042
Aug 24, 2011 - 12:00 a.m.

Cross-site Scripting (XSS) Vulnerabilities in XOOPS

2011-08-24 00:00:00
High-Tech Bridge
www.htbridge.com

EPSS: 0.003 (percentile: 71.8%)

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks.

  1. Cross-site scripting (XSS) vulnerabilities in XOOPS: CVE-2011-4565
    The vulnerability exists due to an input sanitization error in the "text" parameter of include/formdhtmltextarea_preview.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
    Exploitation example:
    <form method="POST" action="http://HOST/include/formdhtmltextarea_preview.php">
    <input type="hidden" name="html" value="1">
    <input type="hidden" name="text" value="<script>alert(document.cookie)</script>">
    <input type="submit">
    </form>

  2. Script insertion vulnerability in XOOPS: CVE-2011-4565
    Input passed to the "[img]" BBCode tag is not properly sanitized. A remote attacker can insert arbitrary HTML and script code, which will be executed in the user's browser in the context of the vulnerable website when the user clicks on a specially inserted image.
    Exploitation example:
    [img width=300]http://www.xoops.org/images/logo.png?");alert(document.cookie);//[ /img]
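
A defensive sketch for the "[img]" issue in item 2, added here as an example; it is not XOOPS code and not the vendor's patch. The function names are hypothetical, and it assumes, from the shape of the payload, that the vulnerable renderer copied the image URL into a quoted string inside a click handler.

```php
<?php
// Added example, not XOOPS code. is_safe_image_url() and safe_img_bbcode() are hypothetical names.

/** Accept only absolute http(s) URLs that contain no string- or call-breaking characters. */
function is_safe_image_url(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Reject quotes, parentheses, angle brackets, backslashes, whitespace and control bytes.
    return preg_match('/["\'()<>\\\\\s\x00-\x1f]/', $url) === 0;
}

/** Render [img] / [img width=N] tags; everything else in $text stays HTML-encoded. */
function safe_img_bbcode(string $text): string
{
    // Encode first, so text outside the tag can never become markup.
    $encoded = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return preg_replace_callback(
        '/\[img(?:\s+width=(\d{1,4}))?\](.*?)\[\/img\]/is',
        function (array $m): string {
            // Validate the URL as the user typed it, not its encoded form.
            $url = htmlspecialchars_decode($m[2], ENT_QUOTES);
            if (!is_safe_image_url($url)) {
                return $m[0]; // leave the tag as inert, already-encoded text
            }
            $width = $m[1] !== '' ? ' width="' . (int) $m[1] . '"' : '';
            // Plain attributes only: the URL never reaches an inline script or event handler.
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '"' . $width . ' alt="">';
        },
        $encoded
    ) ?? $encoded;
}

// Constructed samples: a benign tag, and a tag carrying the quote-breaking pattern from item 2.
$samples = [
    '[img width=300]http://www.xoops.org/images/logo.png[/img]',
    '[img width=300]http://www.xoops.org/images/logo.png?");alert(document.cookie);//[/img]',
];
foreach ($samples as $s) {
    echo safe_img_bbcode($s), PHP_EOL;
}
```

The first sample is rendered as an `<img>` element; the second fails URL validation and is emitted as encoded text, so the tag never becomes markup.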
