CMS Builder 2.14 Cross Site Scripting

2012-03-01T00:00:00
ID PACKETSTORM:110368
Type packetstorm
Reporter Karthik R
Modified 2012-03-01T00:00:00

Description

                                        
                                            `  
CMS Builder  
vendor: http://www.interactivetools.com/  
Version: CMS Builder 2.14  
Author: Karthik R (3psil0nLambDa)  
Email: Karthik.cupid@gmail.com  
My blog: www.epsilonlambda.wordpress.com  
Google dork: Website powered by CMS Builder  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
Description of the CMS  
  
With CMS Builder, you create your own customized CMS in minutes, even if you've never installed a web script before. You don't need to be a programmer: whether it's for your own site or a client's project, even a novice web developer can easily create a custom system for managing your whole site.  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
* PERSISTENT XSS VULNERABILITY:  
  
In the admin panel, entering the following code in the TITLE and BODY fields results in a persistent XSS in the CMS.  
  
Exploit: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>  
  
------------------------------------------------------------------------------------------------------------------------------------------------------------  
`
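A defensive counterpart to the finding above, as an added example that is not part of the original advisory and is not CMS Builder's code: TITLE is treated as plain text and HTML-escaped on output, while BODY is rebuilt from an allowlist so the iframe and `javascript:` URL never reach the page. The allowlists and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Payload quoted in the advisory, used here only as a regression input.
PAYLOAD = "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>"
# Assumed policy (not from the advisory): markup a rich-text BODY may keep.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = {"http", "https", "mailto", ""}  # "" means a relative URL

def safe_url(value):
    """True if the URL scheme is allowlisted; browsers ignore tabs/newlines in it."""
    try:
        scheme = urlsplit("".join(c for c in value if c > " ")).scheme.lower()
    except ValueError:
        return False
    return scheme in SAFE_SCHEMES

class BodySanitizer(HTMLParser):
    """Rebuilds BODY from the allowlist; other tags and attributes are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag not in ALLOWED_TAGS:
            return
        kept = "".join(f' {n}="{html.escape(v, quote=True)}"' for n, v in attrs
                       if n in ALLOWED_ATTRS.get(tag, ()) and v and safe_url(v))
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):  # text is re-escaped, never emitted raw
        self.out.append(html.escape(data, quote=False))

def render_title(title):
    """TITLE is plain text: escape it at output time."""
    return html.escape(title, quote=True)

def render_body(body):
    parser = BodySanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":
    print(render_title(PAYLOAD), render_body("<p>Hello</p>" + PAYLOAD))
```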