Sunday, October 24, 2010

Wiccle Web Builder CMS and iWiccle CMS Community Builder: Multiple Cross Site Scripting Vulnerability

Users of Wiccle Web Builder CMS and iWiccle CMS Community Builder: please be advised that multiple cross-site scripting (XSS) vulnerabilities have been identified in these products.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com

SecPod 1005: Wiccle Web Builder CMS and iWiccle CMS Community Builder - Multiple Cross-Site Scripting Vulnerabili

Affected Software:
------------------
Wiccle Web Builder CMS 2.0 (wwb_101.zip)
iWiccle CMS Community Builder 2.0 (iwiccle_1211.zip)

Technical Description:
----------------------
Wiccle Web Builder CMS and iWiccle CMS Community Builder is prone to multiple
Cross-Site vulnerabilities because it fails to properly sanitize user-supplied input.

1) Input passed via the 'member_city' parameter to 'index.php' when 'module' is
set to 'dating' and 'show' is set to 'member_search' is not properly verified
before it is returned to the user.

NOTE: This vulnerability exists only in Wiccle Web Builder CMS

2) Input passed via the 'post_name', 'post_text', 'post_tag', 'post_member_name'
parameter to 'index.php' when 'module' is set to various (Auctions, Audio etc.,)
options and 'show' is set to 'post_search' is not properly verified before
it is returned to the user.

NOTE: This vulnerability exists in both the products (Wiccle Web Builder CMS
and iWiccle CMS Community Builder).

3) Input passed via the 'member_username', 'member_tags' parameter to 'index.php'
when 'module' is set to 'members' and 'show' is set to 'member_search' is not
properly verified before it is returned to the user.

NOTE: This vulnerability exists in both the products (Wiccle Web Builder CMS
and iWiccle CMS Community Builder).

Read more at www.criticalwatch.com
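For site operators who want to check their web server logs for requests touching the parameters listed above, here is an added example (not part of the advisory and not Wiccle code). It assumes Apache-style access logs in which only query-string values are visible; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# (module, show, parameters) as listed in the advisory. module=None stands for
# item 2's "various" modules, so any module value matches there.
RULES = [
    ("dating", "member_search", {"member_city"}),
    (None, "post_search", {"post_name", "post_text", "post_tag", "post_member_name"}),
    ("members", "member_search", {"member_username", "member_tags"}),
]
MARKUP = re.compile(r'[<>"]')  # characters that break out of HTML text or attributes
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return advisory parameters in this URL whose decoded value has markup."""
    parts = urlsplit(url)
    if not parts.path.endswith("index.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes
    module = query.get("module", [""])[0].lower()
    show = query.get("show", [""])[0].lower()
    hits = []
    for rule_module, rule_show, names in RULES:
        if show != rule_show or (rule_module and module != rule_module):
            continue
        hits += [n for n in sorted(names) if any(MARKUP.search(v) for v in query.get(n, []))]
    return hits

def scan(lines):
    """Return (line_number, [parameter, ...]) for each log line worth reviewing."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample log lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Oct/2010:10:00:01 +0000] "GET /index.php?module=dating&show=member_search&member_city=Austin HTTP/1.1" 200 5120',
    '192.0.2.11 - - [24/Oct/2010:10:00:07 +0000] "GET /index.php?module=dating&show=member_search&member_city=%22%3E%3Cb%3Ex HTTP/1.1" 200 5188',
    '192.0.2.12 - - [24/Oct/2010:10:01:12 +0000] "GET /index.php?module=audio&show=post_search&post_name=%3Ci%3Ex&post_tag=rock HTTP/1.1" 200 4096',
    '192.0.2.13 - - [24/Oct/2010:10:02:30 +0000] "GET /index.php?module=members&show=member_search&member_tags=hiking HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: review parameters {hits}")
```

A hit means only that markup characters reached one of the listed parameters; whether the response reflected them unencoded still has to be confirmed against the installed version.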
 
