← Advisories

Sitemagic CMS 2010.04.17 (SMExt) Remote Cross-Site Scripting Vulnerability

Medium
Advisory ID
ZSL-2011-5020
Release Date
21 June 2011
Vendor
Sitemagic CMS - http://www.sitemagic.org
Affected Version
2010.04.17
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.14 (Win32), PHP 5.3.1, MySQL 5.1.41
Summary

Sitemagic CMS is a fantastic new platform for building and maintaining great looking websites. It is very easy to set up and use, and is fully extendable and customizable.

Description

Sitemagic CMS suffers from a XSS vulnerability when parsing user input to the 'SMExt' parameter via GET method in 'index.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept
sitemagic_xss.txtTXT
Disclosure Timeline
10.06.2011Initial contact with the vendor.
10.06.2011Vendor replies asking more details.
10.06.2011Sent vulnerability details to vendor.
11.06.2011Vendor replies.
12.06.2011Vendor confirms vulnerability.
15.06.2011Asked vendor for scheduled patch release date.
17.06.2011No reply from vendor.
18.06.2011Sent another e-mail to vendor asking for scheduled patch release date, pointing out the reasonable timeframe for fixing a XSS issue.
18.06.2011Vendor says that they will keep me posted when new release is available.
20.06.2011Informed the vendor that the advisory release will be on 21st of June.
21.06.2011Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://secunia.com/advisories/44728/
[2]http://www.securityfocus.com/bid/48355
[3]http://packetstormsecurity.org/files/102474
[4]http://osvdb.org/show/osvdb/73201
[5]http://securityreason.com/wlb_show/WLB-2011060067
Changelog
21.06.2011Initial release
22.06.2011Added reference [5]