phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting

EDB-ID: 24425

Platform: PHP

Published: 2004-09-01

source: http://www.securityfocus.com/bid/11088/info

It is reported that phpWebSite is susceptible to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities.

The cross-site scripting issue is present in a parameter of the comments module script. An attacker can exploit this issue by creating a malicious link to the vulnerable module that contains HTML and script code and sending the link to a vulnerable user. When the user follows the link, the attacker-supplied code renders in the user's browser.

An SQL injection issue exists in the application as well. This issue affects a parameter of the calendar module script. This issue may be exploited to cause sensitive information to be disclosed to a remote attacker.

Finally, an HTML injection vulnerability is reported to affect the application. The problem is said to occur in the notes module due to a lack of sufficient sanitization performed on user-supplied data.

Attackers may potentially exploit this issue to manipulate web content, take unauthorized site actions in the context of the victim, or to steal cookie-based authentication credentials.

These vulnerabilities were reported in phpWebSite 0.9.3-4; previous versions are also reported to be vulnerable.

/index.php?module=comments&CM_op=replyToComment&CM_pid=1[XSS]
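
For defenders reviewing web server logs, the following added example (not part of the original advisory or of phpWebSite) flags comments-module requests whose CM_pid value is not a plain decimal id. It assumes Combined Log Format and that legitimate CM_pid values are numeric; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2004:10:00:01 +0000] "GET /index.php?module=comments&CM_op=replyToComment&CM_pid=1 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Sep/2004:10:00:05 +0000] "GET /index.php?module=comments&CM_op=replyToComment&CM_pid=1%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5188
198.51.100.9 - - [01/Sep/2004:10:00:09 +0000] "GET /index.php?module=comments&CM_op=replyToComment&CM_pid=1%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5140
203.0.113.4 - - [01/Sep/2004:10:01:00 +0000] "GET /index.php?module=calendar&view=month HTTP/1.1" 200 9000
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID_RE = re.compile(r"[0-9]+")  # assumption: valid CM_pid is a decimal id


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_cm_pid(log_text):
    """Return (client, decoded CM_pid) for comments-module requests whose
    CM_pid is anything other than a plain decimal id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs performs the first round of percent-decoding.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "comments" not in params.get("module", []):
            continue
        for raw in params.get("CM_pid", []):
            value = fully_decode(raw)
            if not NUMERIC_ID_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_cm_pid(SAMPLE_LOG):
        print(f"{client}\tCM_pid={value!r}")
```

The same allow-list check (accept CM_pid only when it is a decimal integer) is the input validation the vulnerable parameter lacks, alongside HTML-encoding the value wherever it is written into the page.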