Monstra 1.2.1 Multiple HTML Injection Vulnerabilities

Title: Monstra 1.2.1 Multiple HTML Injection Vulnerabilities
Advisory ID: ZSL-2012-5101
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 23.08.2012
Summary
Monstra is a fast and small content management system written in PHP! It's free, open source and easy to use from the start!
Description
Monstra suffers from multiple stored XSS vulnerabilities when parsing user input passed to the 'menu_item_link', 'menu_item_name' and 'page_title' parameters via the POST method through the 'index.php' script. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and influence or misrepresent how Web content is served, cached, or interpreted.
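One way to neutralize stored values like these at output time, added here as an example and not taken from Monstra or from this advisory: text fields are HTML-encoded, and the link is additionally checked against a scheme allowlist, because encoding alone does not stop script-scheme URLs in an href. The function names, the sample values and the assumption that 'menu_item_link' is rendered into an href attribute are illustrative; PHP 7.1 or later is assumed.

```php
<?php
// Added example, not Monstra source. How Monstra renders these fields is assumed.

/** Encode text for an HTML element body or a quoted attribute value. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return a value safe to place inside href="..."; anything not allowlisted becomes "#". */
function safe_href(string $link): string
{
    $link = trim($link);
    // Reject whitespace, control characters and backslashes inside the URL.
    if ($link === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $link)) {
        return '#';
    }
    // Site-relative paths pass; scheme-relative "//host" does not.
    if (preg_match('~^/(?!/)~', $link)) {
        return esc_html($link);
    }
    $scheme = parse_url($link, PHP_URL_SCHEME);
    if (is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true)) {
        return esc_html($link);
    }
    return '#';
}

function render_menu_item(string $name, string $link): string
{
    return '<li><a href="' . safe_href($link) . '">' . esc_html($name) . '</a></li>';
}

function render_title(string $pageTitle): string
{
    return '<title>' . esc_html($pageTitle) . '</title>';
}

// Constructed sample values standing in for stored POST data.
$samples = [
    ['Home', '/index.php'],
    ['<img src=x onerror=alert(1)>', 'javascript:alert(1)'],
    ['Docs "quoted"', 'https://example.com/docs?a=1&b=2'],
];
foreach ($samples as [$name, $link]) {
    echo render_menu_item($name, $link), PHP_EOL;
}
echo render_title('News </title><script>alert(1)</script>'), PHP_EOL;
```

Encoding at output rather than at storage keeps records written before the fix from rendering as markup.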
Vendor
MONSTRA.ORG - http://www.monstra.org
Affected Version
1.2.1
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a
Vendor Status
N/A
PoC
monstra_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/115821
[2] http://cxsecurity.com/issue/WLB-2012080209
[3] http://secunia.com/advisories/50374/
[4] http://www.securityfocus.com/bid/55171
[5] http://www.securelist.com/en/advisories/50374
[6] http://forums.cnet.com/7726-6132_102-5350871.html
[7] http://www.osvdb.org/show/osvdb/84839
[8] http://xforce.iss.net/xforce/xfdb/77953
Changelog
[23.08.2012] - Initial release
[24.08.2012] - Added reference [4], [5] and [6]
[25.08.2012] - Added reference [7]
[26.08.2012] - Added reference [8]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk