Title: DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities
Advisory ID: ZSL-2011-5006
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 03.04.2011

Summary

DoceboLMS is a SCORM compliant Open Source e-Learning platform used in corporate, government and education markets.

Description

DoceboLMS suffers from multiple stored XSS vulnerabilities pre and post auth. Input thru the POST parameters 'name', 'code' and 'title' in index.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site. URI based XSS vulnerabilities are also present.

Vendor

Docebo - http://www.docebo.org

Affected Version

4.0.4 CE

Tested On

Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41

Vendor Status

N/A

PoC

docebo_xss.html

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://www.exploit-db.com/exploits/17110/
[2] http://securityreason.com/exploitalert/10272
[3] http://secunia.com/advisories/43972/
[4] http://packetstormsecurity.org/files/100033
[5] http://www.securityfocus.com/bid/47150
[6] http://osvdb.org/show/osvdb/71455
[7] http://www.vupen.com/english/advisories/2011/0868
[8] http://xforce.iss.net/xforce/xfdb/66550

Changelog

[03.04.2011] - Initial release
[04.04.2011] - Added reference [1], [2], [3] and [4]
[05.04.2011] - Added reference [5], [6] and [7]
[07.04.2011] - Added reference [8]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk