PacketFence Network Access Controller Cross Site Scripting

`# Title : Injection Flaw in PacketFence Network Access Controller  
# Date : 20-12-2009  
# Author : K053  
# Tested on : Private Networks  
# Download : http://www.packetfence.org/download/releases.html  
______________________________________________________________________________________________  
Note :  
------  
PacketFence is a fully supported, Free and Open Source network access control (NAC) system.  
PacketFence is actively maintained and has been deployed in numerous large-scale institutions  
over the past years. It can be used to effectively secure networks - from small to very large  
heterogeneous networks.  
______________________________________________________________________________________________  
Bug [ Login.php ] :  
-------------------  
function check_input($input){  
if(preg_match("/^[\@a-zA-Z0-9_\:\,\(\)]/", $input) && strlen($input) <= 15){  
return true;  
}  
else{  
print "Invalid parameter: $input<br>";  
return false;  
}  
}  
  
//TODO are we being too difficult on what we accept as a password? ie: pass starting with ; is invalid  
function check_sensitive_input($input){  
if(preg_match("/^[\@a-zA-Z0-9_\:\,\(\)]/", $input) && strlen($input) <= 15){  
return true;  
}  
else{  
print "Invalid sensitive parameter<br>";  
return false;  
}  
}  
______________________________________________________________________________________________  
Poc :  
-----  
The Function fail on input validation on passed data, application is vulnerable to injection flaw like  
Xss , Html Code injection ... :  
  
Attacker can perform attack via post method : manipulate passed data or just enter something like  
<script>alert(0)</script> in username filed .  
______________________________________________________________________________________________  
  
`