PolarisCMS suffers from a cross site scripting issue when input passed to the function 'WebForm_OnSubmit()' via the URL to blog.aspx is not properly sanitized before being returned to the user.
0aa6444ecc73043ef5429138f03b93cf4e5521b6824da406cad980ccbdaae119
PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability
Vendor: PolarisCMS
Product web page: http://www.polariscms.com
Affected version: 2012
Summary: PolarisCMS is a White Label CMS (content management System) providing
more features, functions and flexibility to global web professionals, than ever
before. The breakthrough technology used for this web platform has been built
over a 6 year period and includes a highly advanced Website Builder CMS, a
full-scale Online Catalog and Ecommerce Shopping Cart, and a range of high-end
functional tools to create feature-rich websites.
Desc: PolarisCMS suffers from a XSS issue when input passed to the function
'WebForm_OnSubmit()' via the URL to blog.aspx is not properly sanitised before
being returned to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected site.
Tested on: Microsoft IIS/6.0
ASP.NET 4.0.30319
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2012-5095
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5095.php
05.08.2012
---
http://HOST/reselleradmin/blog.aspx?%27%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://HOST/reselleradmin/blog.aspx?%27onmouseover=prompt(101)%3E
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed