← Advisories

eXV² Content Management System 2.10 Remote XSS Vulnerability

Medium
Advisory ID
ZSL-2010-4970
Release Date
15 October 2010
Vendor
eXV² Team - http://www.exv2.de
Affected Version
2.10 (LiveCD)
CVE
CVE-2010-4155
Tested On
Microsoft Windows XP Professional SP3 (English), Apache 2.2.14 (Win32), MySQL 5.1.41, PHP 5.3.1
Summary

eXV² is a free CMS for building and operating private home pages, small and large communities and it's also easily used for small to medium business presences.

Description

The CMS suffers from a remote reflected Cross-Site Scripting vulnerability when input passed thru "rssfeedURL" and "subm" parameter in "archive.php", "topics.php", "example.php" and "index.php" is not sanitized, allowing the attacker to execute arbitrary HTML and script code in a user's browser session and aid in phishing attacks.

Proof of Concept
exv2_xss.txtTXT
Disclosure Timeline
09.10.2010Vulnerability discovered.
10.10.2010Contact with the vendor.
14.10.2010No reply from vendor.
15.10.2010Public advisory released.
04.11.2010Vendor releases version 2.11 to address this issue (http://www.exv2.de/mydownloads,singlefile,lid,268.html).
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.packetstormsecurity.org/filedesc/exv2-xss.txt.html
[2]http://securityreason.com/wlb_show/WLB-2010100081
[3]http://securityreason.com/securityalert/7880
[4]http://xforce.iss.net/xforce/xfdb/62630
[5]http://www.securityfocus.com/bid/44169
[6]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4155
[7]http://osvdb.org/show/osvdb/69173
[8]http://osvdb.org/show/osvdb/69174
[9]http://osvdb.org/show/osvdb/69175
[10]http://osvdb.org/show/osvdb/69176
Changelog
15.10.2010Initial release
16.10.2010Added reference [1]
17.10.2010Added reference [2]
04.11.2010Added vendor status
06.11.2010Added reference [3], [4], [5] and [6]
13.11.2010Added reference [7], [8], [9] and [10]