PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability

Title: PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2012-5095
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 05.08.2012
Summary
PolarisCMS is a White Label CMS (content management System) providing more features, functions and flexibility to global web professionals, than ever before. The breakthrough technology used for this web platform has been built over a 6 year period and includes a highly advanced Website Builder CMS, a full-scale Online Catalog and Ecommerce Shopping Cart, and a range of high-end functional tools to create feature-rich websites.
Description
PolarisCMS suffers from a XSS issue when input passed to the function 'WebForm_OnSubmit()' via the URL to blog.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Vendor
PolarisCMS - http://www.polariscms.com
Affected Version
2012
Tested On
Microsoft IIS/6.0
ASP.NET 4.0.30319
Vendor Status
N/A
PoC
polariscms_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://cxsecurity.com/issue/WLB-2012080046
[2] http://packetstormsecurity.org/files/115304
[3] http://www.securityfocus.com/bid/54817
[4] http://xforce.iss.net/xforce/xfdb/77441
Changelog
[05.08.2012] - Initial release
[06.08.2012] - Added reference [1]
[07.08.2012] - Added reference [2], [3] and [4]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk