eXV² Content Management System 2.10 Remote XSS Vulnerability
Advisory ID: ZSL-2010-4970
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 15.10.2010
Summary
eXV² is a free CMS for building and operating private home pages, small and large communities and it's also easily used for small to medium business presences.
Description
The CMS suffers from a remote reflected Cross-Site Scripting vulnerability: input passed through the "rssfeedURL" and "subm" parameters in "archive.php", "topics.php", "example.php" and "index.php" is not sanitized, allowing an attacker to execute arbitrary HTML and script code in a user's browser session and aid in phishing attacks.
Vendor
eXV² Team - http://www.exv2.de
Affected Version
2.10 (LiveCD)
Tested On
Microsoft Windows XP Professional SP3 (English)
Apache 2.2.14 (Win32)
MySQL 5.1.41
PHP 5.3.1
Vendor Status
[09.10.2010] Vulnerability discovered.
[10.10.2010] Contact with the vendor.
[14.10.2010] No reply from vendor.
[15.10.2010] Public advisory released.
[04.11.2010] Vendor releases version 2.11 to address this issue (http://www.exv2.de/mydownloads,singlefile,lid,268.html).
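A log check for the issue described above, added here as an example that is not part of the original advisory or its PoC: it scans web-server access-log lines for markup characters in the "rssfeedURL" and "subm" parameters of the four affected scripts. The combined log format, the request paths and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Scripts and parameters named in the advisory.
SCRIPTS = {"archive.php", "topics.php", "example.php", "index.php"}
PARAMS = {"rssfeedurl", "subm"}
# Characters/sequences needed to break out of HTML text or an attribute.
MARKUP = re.compile(r"[<>\"']|javascript:", re.I)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for markup in the advisory's parameters."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in SCRIPTS:
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl decodes once; catch double encoding
        if name.lower() in PARAMS and MARKUP.search(value):
            hits.append((script, name, value))
    return hits

# Constructed sample log lines (paths and values are not from the advisory or its PoC).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Oct/2010:10:00:00 +0200] "GET /archive.php?subm=Go HTTP/1.1" 200 5120',
    '192.0.2.11 - - [15/Oct/2010:10:00:05 +0200] "GET /topics.php?subm=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5300',
    '192.0.2.12 - - [15/Oct/2010:10:00:09 +0200] "GET /index.php?rssfeedURL=%253Cscript%253E HTTP/1.1" 200 4100',
    '192.0.2.13 - - [15/Oct/2010:10:00:12 +0200] "GET /search.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for script, param, value in suspicious_params(line):
            print(f"possible reflected XSS probe: {script} {param}={value!r}")
```

Hits are triage candidates rather than confirmed exploitation, since a legitimate value can contain a quote character.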
PoC
exv2_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.packetstormsecurity.org/filedesc/exv2-xss.txt.html
[2] http://securityreason.com/wlb_show/WLB-2010100081
[3] http://securityreason.com/securityalert/7880
[4] http://xforce.iss.net/xforce/xfdb/62630
[5] http://www.securityfocus.com/bid/44169
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4155
[7] http://osvdb.org/show/osvdb/69173
[8] http://osvdb.org/show/osvdb/69174
[9] http://osvdb.org/show/osvdb/69175
[10] http://osvdb.org/show/osvdb/69176
Changelog
[15.10.2010] - Initial release
[16.10.2010] - Added reference [1]
[17.10.2010] - Added reference [2]
[04.11.2010] - Added vendor status
[06.11.2010] - Added reference [3], [4], [5] and [6]
[13.11.2010] - Added reference [7], [8], [9] and [10]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk