Kentico CMS 5.5R2.23 Cross Site Scripting

Type packetstorm
Reporter LiquidWorm
Modified 2011-05-31T00:00:00


Kentico CMS <=5.5R2.23 Cross-Site Scripting POST Injection Vulnerability  
Vendor: Kentico Software  
Product web page:  
Affected version: 5.5R2.23 and bellow  
Summary: .NET Web Content Management System for ASP.NET  
Desc: Kentico CMS suffers from a XSS vulnerability when parsing  
user input to the 'userContextMenu_parameter' parameter via POST  
method in '/examples/webparts/membership/users-viewer.aspx'.   
Attackers can exploit this weakness to execute arbitrary HTML  
and script code in a user's browser session.  
Tested on: Microsoft Windows XP Pro SP3 (EN)  
ASP.NET 2.0.50727  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
liquidworm gmail com  
Vendor timeline:  
12.03.2011 - Vulnerability discovered.  
21.05.2011 - Vendor contacted with sent PoC files.  
23.05.2011 - Vendor replies.  
23.05.2011 - Asked vendor for confirmation.  
24.05.2011 - Vendor confirms issue scheduling hotfix 5.5R2.24.  
31.05.2011 - Coordinated public security advisory released.  
Advisory ID: ZSL-2011-5015  
Advisory URL:  
Vendor Advisory:  
POST http://localhost/examples/webparts/membership/users-viewer.aspx HTTP/1.1