e107 comment.php Comment Field XSS

2005-06-12T08:07:15
ID OSVDB:17574
Type osvdb
Reporter Marc Ruef(marc.ruef@computec.ch)
Modified 2005-06-12T08:07:15

Description

Vulnerability Description

e107 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the comment field upon submission to the comment.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

e107 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the comment field upon submission to the comment.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

Insert <IFRAME SRC=javascript:alert('XSS')></IFRAME> into the comment field of a comment entry.

References:

Vendor URL: http://www.e107.org Secunia Advisory ID:15733 Related OSVDB ID: 17569 Related OSVDB ID: 17570 Related OSVDB ID: 17571 Related OSVDB ID: 17572 Related OSVDB ID: 17573 Nessus Plugin ID:18222 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0141.html Bugtraq ID: 13974