Caravel CMS /Community/News Multiple Variable XSS

2005-12-17T10:18:30
ID OSVDB:21834
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2005-12-17T10:18:30

Description

Vulnerability Description

Caravel CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'fileDN' and 'folderviewer_attrs' variables upon submission to the '/Community/News' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

/Community/News?&CB=CB1&fileDN=[XSS]

/Community/News?&CB=CB1&fileDN=mnF%3Djune2005.html%2CmnOD%3DNewsletter%2CmnOD%3DMy%20Documents%2Cdc%3Demanuel%2Cdc%3Dmennonite%2Cdc%3Dnet&folderviewer_attrs=[XSS]
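With no patch or workaround listed, one defensive option is to review web server logs for requests to the affected page whose 'fileDN' or 'folderviewer_attrs' values carry HTML metacharacters. The following is an added example, not part of the original advisory or of Caravel CMS; the log format, the sample lines and the assumption that legitimate values never contain these characters are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Page and parameters named in the advisory.
AFFECTED_PATH = "/Community/News"
AFFECTED_PARAMS = ("fileDN", "folderviewer_attrs")

# Assumption: legitimate values (DN-style strings, attribute names)
# never need HTML metacharacters.
HTML_META = re.compile(r"[<>\"'`]")

# Assumption: common-log-style request field, "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return the advisory parameters whose decoded value holds HTML metacharacters."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != AFFECTED_PATH:
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in AFFECTED_PARAMS:
        for value in query.get(name, []):
            # parse_qs decodes once; decode again to catch double-encoded input.
            if HTML_META.search(value) or HTML_META.search(unquote(value)):
                hits.append(name)
                break
    return hits

def scan(lines):
    """Return (line_number, [parameter names]) for each flagged log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Dec/2005:10:00:01 +0000] "GET /Community/News?&CB=CB1&fileDN=mnF%3Djune2005.html%2CmnOD%3DNewsletter HTTP/1.1" 200 5120',
    '192.0.2.11 - - [17/Dec/2005:10:00:02 +0000] "GET /Community/News?&CB=CB1&fileDN=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5120',
    '192.0.2.12 - - [17/Dec/2005:10:00:03 +0000] "GET /Community/News?&CB=CB1&fileDN=x&folderviewer_attrs=%253Ci%253Ex HTTP/1.1" 200 5120',
    '192.0.2.13 - - [17/Dec/2005:10:00:04 +0000] "GET /Other/Page?fileDN=%3Cb%3E HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: HTML metacharacters in {', '.join(names)}")
```
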

References:

Vendor URL: http://caravelcms.org/
Secunia Advisory ID: 18151
Related OSVDB ID: 21833
Other Advisory URL: http://pridels.blogspot.com/2005/12/caravel-cms-xss.html
CVE-2005-4381
Bugtraq ID: 15939