XSS vulnerability in boastMachine

From: advisory@xxxxxxxxxxx
Date: Sat, 5 Jun 2010 16:44:04 +0200 (CEST)

Vulnerability ID: HTB22399
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_boastmachine.html
Product: boastMachine
Vendor: Kailash Nadh
Vulnerable Version: 3.1 and Probably Prior Versions
Vendor Notification: 20 May 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)

Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.

The vulnerability exists due to failure in the [xxx] script to properly sanitize user-supplied input in [yyy] variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.

An attacker can use browser to exploit this vulnerability. The following PoC is available:

http://host/?action=search&title=item&blog=1&key=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Prev by Date: XSRF (CSRF) in CuteSITE CMS
Next by Date: SQL injection vulnerability in boastMachine
Previous by thread: XSRF (CSRF) in CuteSITE CMS
Next by thread: SQL injection vulnerability in boastMachine
Index(es):
- Date
- Thread

Relevant Pages

Multiple vulnerabilities in Template CMS
... Advisory ID: HTB23115 ... Product: Template CMS ... Vendor Notification: September 12, 2012 ... The following PoC demonstrates the vulnerability: ...
(Bugtraq)
[SIG^2 G-TEC] 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories
... SIG^2 Vulnerability Research Advisory ... 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories ... 24 Jan 05 - Second Vendor Notification using online Bug Report Form and Email. ...
(Bugtraq)
Webcalendar 1.2.4 location XSS
... This allows malicious scripts to be added. ... This is a stored XSS ...
(Bugtraq)
Re: Tinyguestbook XSS
... There is no sanitation on the input of the msg variable. ... malicious scripts to be added. ... There is also SQL-injection vulnerability, ...
(Bugtraq)
Cross-Site Scripting (XSS) in Kayako Fusion
... Advisory ID: HTB23095 ... Vendor Notification: June 6, 2012 ... High-Tech Bridge SA Security Research Lab has discovered vulnerability in Kayako Fusion, which can be exploited to perform Cross-Site Scripting attacks. ...
(Bugtraq)