
Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability

Medium
Advisory ID
ZSL-2011-5057
Release Date
13 November 2011
Vendor
Affected Version
1.4.2
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, MySQL 5.5.16, PHP 5.3.8
Summary

Hotaru CMS is an open source, PHP platform for building your own websites. With flexible plugins and themes, you can make any site you like.

Description

The CMS suffers from multiple XSS vulnerabilities. Input passed through the POST parameters 'SITE_NAME' (stored) and 'return' (reflected), and through the GET parameter 'search' (reflected), via Hotaru.php is not sanitized, allowing an attacker to execute HTML code in a user's browser session in the context of the affected site.
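
The mitigation for this class of flaw is to encode each value when it is written into the page and to validate values that are used as navigation targets. The following is an added example and is not Hotaru CMS code or part of the original advisory; the function names, the sample values, and the treatment of 'return' as a same-site path are assumptions made for illustration.

```php
<?php
// Added illustration, not Hotaru CMS source. Function names and sample
// values are hypothetical/constructed.

// Encode a value for HTML element content or a quoted attribute value.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: 'return' holds a same-site path to send the user back to.
// Accept only a local absolute path; fall back to "/" otherwise.
function safe_return_path(string $value): string
{
    // Reject control characters and backslashes anywhere in the value.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $value)) {
        return '/';
    }
    // Require a leading "/" that is not the start of a scheme-relative "//host".
    if (!preg_match('#^/(?!/)#', $value)) {
        return '/';
    }
    return $value;
}

// Constructed sample data: one stored setting and two request parameters,
// each carrying markup characters.
$settings = ['SITE_NAME' => 'My "Site" <b>News</b>'];
$post     = ['return' => '//example.invalid/"><i>'];
$get      = ['search' => '"><u>term</u>'];

// Unencoded output (illustrative): the markup in the stored value is
// interpreted by the browser for every visitor who loads the page.
$unsafe = '<title>' . $settings['SITE_NAME'] . "</title>\n";

// Hardened output: encode at the point of output, validate the return path.
$safe  = '<title>' . html_escape($settings['SITE_NAME']) . "</title>\n";
$safe .= '<input type="hidden" name="return" value="'
       . html_escape(safe_return_path($post['return'])) . "\">\n";
$safe .= '<input type="text" name="search" value="'
       . html_escape($get['search']) . "\">\n";

echo "UNSAFE:\n", $unsafe, "\nSAFE:\n", $safe;
```

Encoding at output rather than only at input matters for the stored case: a value already saved in the database before a fix is deployed is still rendered safely.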

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
13.11.2011 - Initial release
14.11.2011 - Added reference [1], [2] and [3]
15.11.2011 - Added reference [4], [5], [6], [7] and [8]
12.01.2012 - Added reference [9], [10] and [11]