PostNuke Reviews Module title Variable XSS

2004-07-18T15:46:48
ID OSVDB:8064
Type osvdb
Reporter DarkBicho(darkbicho@gmail.com)
Modified 2004-07-18T15:46:48

Description

Vulnerability Description

PostNuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed to the "title" variables upon submission to the "Reviews" module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PostNuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed to the "title" variables upon submission to the "Reviews" module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/html/modules.php?op=modload&name=Reviews&file=index&req=showcontent&id=1&title=%253cscript>alert%2528document.cookie);%253c/script>

References:

Vendor URL: http://www.postnuke.com/ Secunia Advisory ID:12082 Related OSVDB ID: 8062 Related OSVDB ID: 8063 Other Advisory URL: http://www.swp-zone.org/archivos/advisory-10.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0731.html