|
Description
|
|
sec4it has discovered multiple vulnerabilities in BIGACE Web CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed via the keys and values of POST parameters to public/index.php (when "cmd" is set to "application" and "id" is set to e.g. "-1_tauth_klogin_len") is not properly sanitised in system/application/auth/login.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed via the "username" POST parameter to public/index.php (when "cmd" is set to "application" and "id" is set to e.g. "-1_tauth_kpassword_len") is not properly sanitised in system/application/auth/password.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Input passed via the "language" POST parameter to public/index.php (when "cmd" is set to "application" and "id" is set to e.g. "-1_tsearch_len") is not properly sanitised in system/application/search/search.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are confirmed in version 2.7.6. Prior versions may also be affected.
|
