Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10704
HistoryDec 18, 2005 - 12:00 a.m.

Lighthouse CMS XSS vuln.

2005-12-1800:00:00
vulners.com
16
JSON

Lighthouse CMS XSS vuln.

Vuln. discovered by : r0t
Date: 18 dec. 2005
orginal advisory:http://pridels.blogspot.com/2005/12/lighthouse-cms-xss-vuln.html
vendor:http://www.lighthouse-cms.de/en/
affected version:1.1.0 and prior

Product Description:

Lighthouse is a modern, user friendly, high performance Content
Management System. Lighthouse lets you create and manage web
applications intuitively.
Lighthouse allows you easy access and effective management of your web
presence. Lighthouse enables you to put Enterprise Content Management
to use for your business. With its modular structure, it offers you
exactly the features you need, saving you time and money.
Lighthouse is at home on all major platforms and can be used with a
wide range of databases.

Vuln. Description:

Lighthouse contains a flaw that allows a remote cross site scripting
attack. This flaw exists because input passed to the "search"
paremter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.

/?search=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.

JSON