After I informed developers in August about multiple vulnerabilities in
In-Portal CMS and they answered they would fix them soon (so wait for
disclosure of the first vulnerabilities), I found new hole in this CMS at
their official site.
This is Cross-Site Scripting vulnerability in In-Portal CMS. Besides tens
millions of vulnerable web sites with affected flash files and vulnerable
multiple plugins for different engines, there are a lot of other vulnerable
plugins and themes - even five years since my original advisory. This time
it's a theme for In-Portal CMS.
This XSS is similar to XSS vulnerability in WP-Cumulus, which I've disclosed
in 2009 (http://securityvulns.com/Wdocument842.html). Because this theme
uses tagcloud.swf made by author of WP-Cumulus. About such vulnerabilities I
wrote in previous years, particularly about millions of flash files
tagcloud.swf which are vulnerable to XSS attacks I mentioned in my article
XSS vulnerabilities in 34 millions flash files
Vulnerable are all versions of In-Portal CMS with this theme. There can be
other vulnerable themes for this CMS.
Cross-Site Scripting (WASC-08):
XSS at official site of In-Portal CMS:
Code will execute after click. It's strictly social XSS
(http://websecurity.com.ua/5476/). Also it's possible to conduct (like in
WP-Cumulus) HTML Injection attack.
I mentioned about this vulnerability at my site
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site