Libertas ECMS /search/index.php page_search Variable XSS

2005-12-18T01:54:53
ID OSVDB:21819
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2005-12-18T01:54:53

Description

Vulnerability Description

Libertas ECMS contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'page_search' variable upon submission to the '/search/index.php' script. An attacker could create a specially crafted URL that, when followed by a user, would execute arbitrary code in that user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

/search/index.php?advanced=0&associated_list=&page=1&search=0&page_search=[XSS]
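
Since no fix is listed, one defensive measure is to review web server logs for requests that put markup into 'page_search'. The following is an added example, not part of the original advisory or of Libertas ECMS; it assumes Combined Log Format access logs, and the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to break out of HTML text or an attribute value
MARKUP_RE = re.compile(r'[<>"\']')
TARGET_PATH = "/search/index.php"   # script named in the advisory
TARGET_PARAM = "page_search"        # parameter named in the advisory


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_page_search(log_line):
    """Return the decoded page_search value if it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # endswith() also covers installs under a subdirectory (assumption)
    if not url.path.lower().endswith(TARGET_PATH):
        return None
    # parse_qs decodes once; fully_decode handles double-encoded values
    params = parse_qs(url.query, keep_blank_values=True)
    for raw in params.get(TARGET_PARAM, []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None


# Constructed sample lines (not taken from any real server)
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Dec/2005:01:54:53 +0000] "GET /search/index.php?advanced=0&associated_list=&page=1&search=0&page_search=annual+report HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Dec/2005:01:55:02 +0000] "GET /search/index.php?advanced=0&associated_list=&page=1&search=0&page_search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5190',
    '192.0.2.12 - - [18/Dec/2005:01:55:40 +0000] "GET /search/index.php?page_search=%2522%253E%253Cb%253E HTTP/1.1" 200 5101',
    '192.0.2.13 - - [18/Dec/2005:01:56:11 +0000] "GET /news/index.php?page_search=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in filter(None, map(suspicious_page_search, SAMPLE_LOG)):
        print("possible XSS probe:", hit)
```

Legitimate searches containing quotes or apostrophes will also match, so hits are leads for review rather than confirmed attacks.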

References:

Vendor URL: http://www.libertas-solutions.com/
Secunia Advisory ID: 18117
Other Advisory URL: http://pridels.blogspot.com/2005/12/libertas-enterprise-cms-xss-vuln.html
CVE-2005-4399
Bugtraq ID: 15950