← Advisories

MySource Matrix 3.28.3 (height) Remote Reflected XSS Vulnerability

Low

Advisory ID

ZSL-2010-4962

Release Date

06 September 2010

Vendor

Squiz Pty Ltd. - http://www.matrix.squiz.net/

Affected Version

3.28.3

CVE

CVE-2010-4901

Tested On

Microsoft Windows XP Professional SP3 (EN), PHP 5.3.0, MySQL 5.1.36, Apache 2.2.11 (Win32)

Summary

MySource Matrix is a powerful Open Source Content Management System (CMS) written in PHP and is suitable for many types of organisations.

Description

Input passed via the "height" parameter to char_map.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

182: // <?php echo $_REQUEST['width'];?>;
183: // <?php echo $_REQUEST['height'];?>;

Proof of Concept

mysource_xss.txtTXT

Disclosure Timeline

05.09.2010Vulnerability discovered.

06.09.2010Vendor contacted.

06.09.2010Vendor replied asking details.

06.09.2010Sent analysis report to vendor.

06.09.2010Vendor verifies vulnerability.

06.09.2010Vendor releases fix versions 3.26.8 and 3.28.4.

06.09.2010Public advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://matrix.squiz.net/developer/changelogs/3.28.x/3.28.3-3.28.4

[2]http://securityreason.com/wlb_show/WLB-2010090027

[3]http://secunia.com/advisories/41295/

[4]http://osvdb.org/show/osvdb/67838

[5]http://www.packetstormsecurity.org/filedesc/ZSL-2010-4962.txt.html

[6]http://www.securityfocus.com/bid/43020

[7]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4901

Changelog

06.09.2010Initial release

07.09.2010Added reference [2] and [3]

08.09.2010Added reference [4], [5] and [6]

12.10.2011Added reference [7]