← Advisories

DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities

Medium
Advisory ID
ZSL-2011-5006
Release Date
03 April 2011
Vendor
Docebo - http://www.docebo.org
Affected Version
4.0.4 CE
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.14 (Win32), PHP 5.3.1, MySQL 5.1.41
Summary

DoceboLMS is a SCORM compliant Open Source e-Learning platform used in corporate, government and education markets.

Description

DoceboLMS suffers from multiple stored XSS vulnerabilities pre and post auth. Input thru the POST parameters 'name', 'code' and 'title' in index.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site. URI based XSS vulnerabilities are also present.

Proof of Concept
docebo_xss.htmlTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.exploit-db.com/exploits/17110/
[2]http://securityreason.com/exploitalert/10272
[3]http://secunia.com/advisories/43972/
[4]http://packetstormsecurity.org/files/100033
[5]http://www.securityfocus.com/bid/47150
[6]http://osvdb.org/show/osvdb/71455
[7]http://www.vupen.com/english/advisories/2011/0868
[8]http://xforce.iss.net/xforce/xfdb/66550
Changelog
03.04.2011Initial release
04.04.2011Added reference [1], [2], [3] and [4]
05.04.2011Added reference [5], [6] and [7]
07.04.2011Added reference [8]