b2evolution XSS Vulnerabilities

2006-11-29T00:00:00
ID SECURITYVULNS:DOC:15250
Type securityvulns
Reporter Securityvulns
Modified 2006-11-29T00:00:00

Description


Security Advisory



Severity: Medium Title: b2evolution XSS Vulnerability Date: 28.11.06 Author: tarkus (tarkus (at) tiifp (dot) org) Web: https://tiifp.org/tarkus Vendor: b2evolution (http://b2evolution.net/) Affected Product(s): b2evolution 1.8.2 - 1.9 beta


Description:

http://<victim>/<b2epath>/inc/VIEW/errors/_404_not_found.page.php?bas \ eurl=[XSS]&app_name=[XSS]

http://<victim>/<b2epath>/inc/VIEW/errors/_410_stats_gone.page.php?ap \ p_name=[XSS]

http://<victim>/<b2epath>/inc/VIEW/errors/_referer_spam.page.php?ReqU \ RI=[XSS]&app_name=[XSS]

Workaround:

Put the following line at the beginning of the files.

if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page \ directly.' );

Timeline:

Reported to Vendor: 10.11.06 Vendor response: 10.11.06 Patch in CVS: 10.11.06