Ariadne index.php ARLogin Variable XSS

2007-05-01T08:03:57
ID OSVDB:35493
Type osvdb
Reporter Ronald van den Heetkamp
Modified 2007-05-01T08:03:57

Description

Vulnerability Description

Ariadne CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'ARLogin' variable upon submission to the 'index.php' script. An attacker could create a specially crafted URL that executes arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
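
With no fix listed, one defensive check is to scan web server access logs for requests to 'index.php' whose 'ARLogin' value contains characters a login name would not need. The following is an added example, not code from this advisory or from the Ariadne project; the access-log format, the login-name allow-list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate login name needs only these characters.
SAFE_LOGIN = re.compile(r"[A-Za-z0-9._@-]{1,64}")
# Request line inside a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_arlogin(line):
    """Return decoded ARLogin values in one log line that fail the allow-list."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if "/index.php" not in url.path:
        return []
    # parse_qs percent-decodes once; fully_decode handles further layers.
    values = parse_qs(url.query, keep_blank_values=True).get("ARLogin", [])
    decoded = [fully_decode(v) for v in values]
    return [v for v in decoded if v and not SAFE_LOGIN.fullmatch(v)]

def scan(lines):
    """Return (line_number, value) for every flagged ARLogin value."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_arlogin(line)]

# Constructed sample entries (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2007:08:03:57 +0000] "GET /index.php?ARLogin=admin HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/May/2007:08:04:10 +0000] "GET /index.php?ARLogin=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5302',
    '192.0.2.44 - - [01/May/2007:08:04:31 +0000] "GET /index.php?ARLogin=%253Cb%253E HTTP/1.1" 200 5290',
    '192.0.2.77 - - [01/May/2007:08:05:02 +0000] "GET /search.php?q=%3Cb%3E HTTP/1.1" 200 811',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected ARLogin value {value!r}")
```

Values submitted in a POST body do not appear in access logs, so this check covers only 'ARLogin' values carried in the URL.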

References:

Vendor URL: http://www.ariadne-cms.org/en/
Secunia Advisory ID: 25090
ISS X-Force ID: 33987
CVE-2007-2433
Bugtraq ID: 23735