Template Markup Language (TML) index.php form Variable XSS

2005-12-13T20:48:45
ID OSVDB:21801
Type osvdb
Reporter X1ngBox(X1ngBox@gmail.com)
Modified 2005-12-13T20:48:45

Description

Vulnerability Description

TML contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'form' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

TML contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'form' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/[ztml]/index.php?type=tpl&form=<h1> x1ng <h1/>

References:

Vendor URL: http://www.ztml.com/demo/index.php Related OSVDB ID: 21802 Packet Storm: http://packetstormsecurity.org/0512-exploits/ztml.txt CVE-2005-4415 Bugtraq ID: 15876