
Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities

Medium
Advisory ID
ZSL-2012-5090
Release Date
16 May 2012
Vendor
Affected Version
5.5.0 Neo (r422)
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, PHP 5.3.8, MySQL 5.5.20
Summary

Artiphp is a free and open content management system (CMS) for creating and managing your website.

Description

Artiphp CMS suffers from multiple cross-site scripting vulnerabilities via several parameters passed through the POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
16.05.2012: Initial release
18.05.2012: Added reference [4], [5], [6], [7] and [8]
22.05.2012: Added reference [9]
26.05.2012: Added reference [10]