
| Subject: | [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities |
|---|---|
| Date: | Tue, 25 Oct 2005 18:08:08 +0900 |
----------------------------------------------------------------------
SNS Advisory No.85
XOOPS Multiple Cross-site Scripting Vulnerabilities
Problem first discovered on: Sun, 25 Sep 2005
Published on: Tue, 25 Oct 2005
----------------------------------------------------------------------
Severity Level:
---------------
Medium
Overview:
---------
XOOPS, software for building community websites, contains multiple
cross-site scripting vulnerabilities.
Problem Description:
--------------------
XOOPS is software for building community websites, written in PHP.
XOOPS provides a special tag syntax called "XOOPS Code" that allows
users to register text with font attributes or images without using
HTML tags, in modules including private message and forum.
A flaw exists in part of the sanitizing process that converts "XOOPS
Code" into HTML tags. It is therefore possible to register text
containing arbitrary script in modules where "XOOPS Code" is available.
In addition, another flaw exists only in the forum module (newbb); it
makes it possible to submit text including arbitrary script to a forum.
If the vulnerabilities are exploited, an attacker's script might be
executed when a private message or a message submitted to the forum is
displayed. In that case, users might suffer session hijacking, and the
screen could be manipulated freely by attackers after the users log
in.
Affected Versions:
------------------
XOOPS 2.0.12 JP and prior versions
XOOPS 2.0.13.1 and prior versions
XOOPS 2.2.3 RC1 and prior versions
Solution:
---------
The vulnerabilities can be fixed by updating the software to any
version later than XOOPS 2.0.13 JP.
http://xoopscube.jp/modules/documents/index.php?id=1
Discovered by:
--------------
Keigo Yamazaki (LAC)
Thanks to:
----------
This SNS Advisory is being published in coordination with the
Information-technology Promotion Agency, Japan (IPA) and JPCERT/CC.
http://jvn.jp/jp/JVN%2377105349/index.html
http://www.ipa.go.jp/security/vuln/documents/2005/JVN_77105349_XOOPS.html
Disclaimer:
-----------
The information contained in this advisory may be revised without prior
notice and is provided as it is. Users shall take their own risk when
taking any actions following reading this advisory. LAC Co., Ltd.
shall take no responsibility for any problems, loss or damage caused
by, or by the use of information provided here.
This advisory can be found at the following URL:
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html
----------------------------------------------------------------------
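The class of flaw described under "Problem Description" (incomplete sanitizing while forum markup is converted to HTML) is avoided by escaping all input before conversion and validating every attribute value against an allowlist. The following PHP is an added example, not XOOPS code and not part of the advisory; `render_markup`, the three tags it handles and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical markup-to-HTML converter, not XOOPS code.
// Rule: escape all user text first, then emit only tags built from
// allowlisted names and strictly validated attribute values.
function render_markup(string $input): string
{
    // 1. Neutralise every HTML metacharacter, including both quote styles.
    $html = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

    // 2. Paired tag without attributes: no user data enters the tag itself.
    $html = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $html);

    // 3. [color=...]: accept only a colour name or #hex; otherwise drop the tag.
    $html = preg_replace_callback(
        '#\[color=([^\]]*)\](.*?)\[/color\]#is',
        function (array $m): string {
            if (!preg_match('/^(?:[a-z]{3,20}|\#[0-9a-f]{3,6})$/i', $m[1])) {
                return $m[2]; // keep the already-escaped text, discard the tag
            }
            return '<span style="color:' . $m[1] . '">' . $m[2] . '</span>';
        },
        $html
    );

    // 4. [img]...[/img]: http(s) URLs only, no whitespace, quotes or brackets.
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $url = trim($m[1]);
            if (!preg_match('#^https?://[^\s<>"\']+$#i', $url)) {
                return '[image removed]';
            }
            return '<img src="' . $url . '" alt="">';
        },
        $html
    );
}

// Constructed regression inputs (not taken from the advisory).
$samples = [
    '[b]hello[/b] <script>alert(1)</script>',
    '[color=red]ok[/color]',
    '[color=red" onmouseover="x]text[/color]',
    '[img]javascript:void(0)[/img]',
    '[img]https://example.org/a.png[/img]',
];
foreach ($samples as $s) {
    echo render_markup($s), PHP_EOL;
}
```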