Wednesday, July 11, 2012

HTB23097: Kajona multiple cross-site scripting (XSS) vulnerabilities

Kajona version 3.4.1 suffers from cross-site scripting (XSS) vulnerabilities. Input passed to "index.php" via the following GET parameters is not properly sanitised before being returned to the user:

- "absender_name", "absender_email" and "absender_nachricht" (when "page" is set to "contact")
- "comment_name", "comment_subject" and "comment_message" (when "page" is set to "postacomment")
- "module"
- "action" (when "module" is set to "login" and "admin" is set to "1")
- "pv" and "pe" (when "module" is set to "user", "action" is set to "list" and "admin" is set to "1")
- "user_username", "user_email", "user_forename", "user_name", "user_street", "user_postal", "user_city", "user_tel" and "user_mobile" (when "module" is set to "user", "action" is set to "newUser" and "admin" is set to "1")
- "group_name" and "group_desc" (when "module" is set to "user", "action" is set to "groupNew" and "admin" is set to "1")
- "name", "browsername", "seostring", "keywords" and "folder_id" (when "module" is set to "pages", "action" is set to "newPage" and "admin" is set to "1")
- "element_name" and "element_cachetime" (when "module" is set to "pages", "action" is set to "newElement" and "admin" is set to "1")
- "aspect_name" (when "module" is set to "system", "action" is set to "newAspect" and "admin" is set to "1")
- "filemanager_name", "filemanager_path", "filemanager_upload_filter" and "filemanager_view_filter" (when "module" is set to "filemanager", "action" is set to "newRepo" and "admin" is set to "1")
- "archive_title" and "archive_path" (when "module" is set to "downloads", "action" is set to "newArchive" and "admin" is set to "1")

This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in the context of the affected website.

Vulnerability ID: HTB23097
Vulnerability Type: Cross-Site Scripting (XSS)
Risk level: Medium
Vendor Notification / Patch / Public Disclosure Dates: 20 June / 26 June / 11 July 2012
Solution: Fixed, upgrade to Kajona v3.4.2

Full details of this advisory with PoC-code examples are available in the HTB23097 Security Advisory: Multiple Cross-Site Scripting (XSS) in Kajona.
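
For installations that cannot move to v3.4.2 right away, the parameter list in this advisory can drive a review of web server logs. The check below is an added example, not part of the advisory or of Kajona's code; the function name `suspicious_params`, the metacharacter heuristic and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# (required routing parameters, parameters the advisory lists as returned unsanitised)
AFFECTED = [
    ("page=contact", "absender_name absender_email absender_nachricht"),
    ("page=postacomment", "comment_name comment_subject comment_message"),
    ("", "module"),
    ("module=login&admin=1", "action"),
    ("module=user&action=list&admin=1", "pv pe"),
    ("module=user&action=newUser&admin=1", "user_username user_email user_forename "
     "user_name user_street user_postal user_city user_tel user_mobile"),
    ("module=user&action=groupNew&admin=1", "group_name group_desc"),
    ("module=pages&action=newPage&admin=1", "name browsername seostring keywords folder_id"),
    ("module=pages&action=newElement&admin=1", "element_name element_cachetime"),
    ("module=system&action=newAspect&admin=1", "aspect_name"),
    ("module=filemanager&action=newRepo&admin=1", "filemanager_name filemanager_path "
     "filemanager_upload_filter filemanager_view_filter"),
    ("module=downloads&action=newArchive&admin=1", "archive_title archive_path"),
]
# Heuristic (assumption): HTML metacharacters in the URL-decoded value; may flag benign text.
MARKUP = re.compile(r"[<>\"']")

def suspicious_params(url):
    """Return the advisory-listed parameters in `url` whose decoded value contains markup."""
    parts = urlsplit(url)
    # Assumption: the site root is served by index.php as well.
    if not (parts.path.endswith("index.php") or parts.path.endswith("/")):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes values
    hits = set()
    for condition, names in AFFECTED:
        required = parse_qs(condition)
        if all(want[0] in query.get(key, []) for key, want in required.items()):
            hits.update(n for n in names.split()
                        if any(MARKUP.search(v) for v in query.get(n, [])))
    return sorted(hits)

SAMPLE_REQUESTS = [  # constructed request targets, not captured traffic
    "/index.php?page=contact&absender_name=Alice&absender_email=a%40example.org",
    "/index.php?page=contact&absender_name=%22%3E%3Cb%3Ex%3C%2Fb%3E",
    "/index.php?admin=1&module=user&action=newUser&user_city=Berlin&user_tel=%3Ci%3E",
    "/index.php?page=contact&group_name=%3Ci%3E",  # markup, but not a listed combination
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(suspicious_params(request), request)
```

Feed it the request target field from each access log entry; a non-empty result names the parameters worth reviewing on an unpatched 3.4.1 installation.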
