phpWebSite Comment Module CM_pid XSS

2004-08-31T00:00:00
ID OSVDB:9445
Type osvdb
Reporter James Bercegay()
Modified 2004-08-31T00:00:00

Description

Vulnerability Description

phpWebSite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "CM_pis" variable upon submission to the Comment Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, phpWebSite developers have released a patch to address this vulnerability.

Short Description

phpWebSite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "CM_pis" variable upon submission to the Comment Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/index.php?module=comments&CM_op=replyToComment&CM_pid=1[XSS]

References:

Vendor URL: http://phpwebsite.appstate.edu/ Vendor Specific Advisory URL Security Tracker: 1011120 Secunia Advisory ID:12438 Related OSVDB ID: 9444 Related OSVDB ID: 9446 Related OSVDB ID: 9447 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00048-08312004 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0008.html CVE-2004-1655