BGS CMS v2.2.1 Multiple Stored Cross-Site Scripting Vulnerabilities

Title: BGS CMS v2.2.1 Multiple Stored Cross-Site Scripting Vulnerabilities
Advisory ID: ZSL-2012-5084
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 11.04.2012
Summary
BGS CMS is a powerful Content Management System used to easily publish, manage and organize a wide variety of content on a website.
Description
BGS CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input passed to several parameters via the GET and POST methods (post-auth). Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
Vendor
BGSvetionik - http://www.bgs-cms.com
Affected Version
2.2.1
Tested On
Apache 2.2.22
PHP 5.3.10
Vendor Status
[05.04.2012] Vulnerabilities discovered.
[05.04.2012] Initial contact with the vendor.
[10.04.2012] No response from the vendor.
[11.04.2012] Public security advisory released.
PoC
bgscms_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://cxsecurity.com/issue/WLB-2012040095
[2] http://secunia.com/advisories/38597/
[3] http://packetstormsecurity.org/files/111758/BGS-CMS-2.2.1-Cross-Site-Scripting.html
[4] http://www.securityfocus.com/bid/52983
[5] http://xforce.iss.net/xforce/xfdb/74839
[6] http://www.osvdb.org/show/osvdb/81115
Changelog
[11.04.2012] - Initial release
[12.04.2012] - Added reference [2], [3] and [4]
[14.04.2012] - Added reference [5]
[16.04.2012] - Added reference [6]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk