← Advisories

PG eLMS Pro vDEC_2007_01 (contact_us.php) Multiple POST XSS Vulnerabilities

Medium
Advisory ID
ZSL-2011-5027
Release Date
14 July 2011
Vendor
PilotGroup Ltd - http://www.elmspro.com
Affected Version
DEC_2007_01
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 1.3.27 (Win32), PHP 5.2.4, MySQL 14.14 Distrib 5.1.43 (Win32-ia32)
Summary

eLMS Pro solution is an outstanding and yet simple Learning Management system. Our product is designed for any education formations: from small distance training companies up to big colleges and universities. The system allows to build courses, import SCORM content, deploy online learning, manage users, communicate with users, track training results, and more.

Description

Input passed via the 'subject', 'name', 'email' and 'body' parameters to 'contact_us.php' script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Proof of Concept
elms_xss.htmlTXT
Disclosure Timeline
08.07.2011Vulnerability discovered.
08.07.2011Initial contact with the vendor.
13.07.2011No response from vendor.
14.07.2011Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://packetstormsecurity.org/files/103052
[2]http://www.exploit-db.com/exploits/17531/
[3]http://www.securityfocus.com/bid/48681
[4]http://securityreason.com/exploitalert/10621
[5]http://xforce.iss.net/xforce/xfdb/68567
[6]http://secunia.com/advisories/40163/
Changelog
14.07.2011Initial release
15.07.2011Added reference [3] and [4]
19.07.2011Added reference [5] and [6]