dbc CMS Search needle Variable XSS

2006-10-19T03:49:02
ID OSVDB:29832
Type osvdb
Reporter Landseer
Modified 2006-10-19T03:49:02

Description

Vulnerability Description

dbc CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'needle' variable when performing a search. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
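The pattern the advisory describes, shown as an added example that is not dbc CMS code: a search page that reflects the raw 'needle' parameter into HTML beside the same page with output encoding applied, plus a small check a maintainer can keep as a regression test. The URL shape, page template and payload are constructed for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed page template: the search term is reflected into an HTML text node.
SEARCH_PAGE = "<html><body><p>Results for: {needle}</p></body></html>"

# Constructed request URL (assumed shape, not a real dbc CMS path).
CONSTRUCTED_URL = "http://cms.example/search?needle=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def needle_from_url(url: str) -> str:
    """Extract the decoded 'needle' query parameter from a request URL."""
    params = parse_qs(urlsplit(url).query)
    return params.get("needle", [""])[0]


def render_search_unsafe(needle: str) -> str:
    """The flaw from the advisory: the parameter is reflected without validation or encoding."""
    return SEARCH_PAGE.format(needle=needle)


def render_search_safe(needle: str) -> str:
    """Mitigation: encode for the HTML text context before reflecting the parameter."""
    return SEARCH_PAGE.format(needle=html.escape(needle, quote=True))


def reflects_unencoded_markup(page: str, needle: str) -> bool:
    """Regression check: markup characters in the input must never reach the output verbatim."""
    has_markup = any(c in needle for c in "<>\"'")
    return has_markup and needle in page


if __name__ == "__main__":
    term = needle_from_url(CONSTRUCTED_URL)
    print("unsafe reflects markup:", reflects_unencoded_markup(render_search_unsafe(term), term))
    print("safe reflects markup:  ", reflects_unencoded_markup(render_search_safe(term), term))
```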

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

dbc CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'needle' variable when performing a search. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://www.db-central.com/
Secunia Advisory ID: 22407
ISS X-Force ID: 29666
FrSIRT Advisory: ADV-2006-4106
CVE: CVE-2006-5430
Bugtraq ID: 20622