TMSPublisher search.cfm q Variable XSS

2005-04-29T00:00:00
ID OSVDB:23014
Type osvdb
Reporter Adli Wahid(adli.wahid@gmail.com)
Modified 2005-04-29T00:00:00

Description

Vulnerability Description

TMSPublisher contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the 'search.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, TMS has released a patch to address this vulnerability.

Short Description

TMSPublisher contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the 'search.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/search.cfm?q=<XSS>

References:

Vendor URL: http://www.tmspublisher.com Vendor Specific Solution URL: http://developer.tmsasia.com/page.cfm?name=security Other Advisory URL: http://metawire.org/~adli/advisories/250405_tmspublisher_vulnerablility.signed.txt CVE-2005-4721