Textpattern 4.2.0 Cross Site Scripting

Type packetstorm
Reporter LiquidWorm
Modified 2010-09-08T00:00:00


Textpattern 4.2.0 (txplib_db) Null Termination Cross-Site Scripting Vulnerability  
Vendor: Team Textpattern  
Product web page: http://www.textpattern.com  
Affected version: 4.2.0  
Summary: Textpattern is an open source content management system  
unlike any other; it allows you to easily create, edit and publish  
content and make it beautiful in a professional, standards-compliant  
Desc: Textpattern CMS version 4.2.0 suffers from an XSS vulnerability.  
Input passed via the "q" parameter to Textpattern (TXP) Tag Library  
(txplib_db.php) is not properly sanitised before being returned to  
the user. This can be exploited to execute arbitrary HTML and script  
code in a user's browser session in the context of an affected site.  
Tested on: Microsoft Windows XP Professional SP3 (EN)  
PHP 5.3.0  
MySQL 5.1.36  
Apache 2.2.11 (Win32)  
Vendor status: [05.09.2010] Vulnerability discovered.  
[05.09.2010] Initial contact with the vendor.  
[07.09.2010] No reply from vendor.  
[08.09.2010] Public advisory released.  
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic  
Zero Science Lab - http://www.zeroscience.mk  
liquidworm gmail com  
Zero Science Lab Advisory ID: ZSL-2010-4963  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4963.php
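
A log-review check for the issue described above, as an added example that is not part of the original advisory: it flags requests whose "q" parameter decodes to a NUL byte or HTML metacharacters, including double-encoded values. The log format, the request paths and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (documentation IP ranges); not from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [08/Sep/2010:10:01:02 +0000] "GET /index.php?q=holiday+photos HTTP/1.1" 200 5120
198.51.100.9 - - [08/Sep/2010:10:02:11 +0000] "GET /index.php?q=%00%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 812
198.51.100.9 - - [08/Sep/2010:10:02:40 +0000] "GET /index.php?q=a%2500b HTTP/1.1" 200 790
203.0.113.4 - - [08/Sep/2010:10:03:00 +0000] "GET /index.php?id=3&q=tom+%26+jerry HTTP/1.1" 200 4410
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (bounded) so %2500 is seen as NUL."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_q(value):
    """Return the reasons a decoded "q" value deserves review (empty if none)."""
    value = fully_decode(value)
    reasons = []
    if "\x00" in value:
        reasons.append("nul-byte")
    if MARKUP_RE.search(value):
        reasons.append("html-metachar")
    return reasons


def suspicious_requests(log_text, param="q"):
    """Yield (client, request target, reasons) for each flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs performs the first round of percent-decoding.
        for value in parse_qs(urlsplit(target).query).get(param, []):
            reasons = classify_q(value)
            if reasons:
                hits.append((client, target, reasons))
    return hits
```

Ordinary searches such as "tom & jerry" are not flagged; only values carrying a NUL byte, angle brackets or quotes are reported for review.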