Easy PX 41 CMS viewprofil.php membres Variable XSS
Published: 2005-07-29T09:16:17
ID: OSVDB:18335
Type: osvdb
Reporter: FalconDeOro (falcondeoro@gmail.com)
Modified: 2005-07-29T09:16:17
Description
Vulnerability Description
Easy PX 41 CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'membres' variable upon submission to the viewprofil.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Affected Software
Easy PX 41 CMS, version v05.05.06
CVSS
Vector: NONE, Score: 0.0
Manual Testing Notes
http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[XSS]
References
Vendor URL: http://www.easypx41.be/
Secunia Advisory ID 16264: https://secuniaresearch.flexerasoftware.com/advisories/16264/
Related OSVDB ID 18336: https://vulners.com/osvdb/OSVDB:18336
Related OSVDB ID 18334: https://vulners.com/osvdb/OSVDB:18334
Related OSVDB ID 18333: https://vulners.com/osvdb/OSVDB:18333
Other Advisory URL: http://falcondeoro.blogspot.com/2005/07/xss-flaws-and-data-disclosure-in.html
Bulletin URL: https://vulners.com/osvdb/OSVDB:18335