|
Description
|
|
Multiple vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
1) Input passed via the "author_name" parameter to articles/edit.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious article is being viewed.
2) Input passed via the URL to users/register.php is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This is related to:
SA28024
3) Input passed via the URL to stencils/index.php and stencils/list_stencils.php is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
4) Input passed via the "textarea_id" parameter to quicktags/special_chars.php is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
5) Input passed via the "email" POST parameter to users/register.php (when "register" is set to "Register") is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
6) Input passed via the "title", "description", and "cost" parameters to events/edit.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious article is being viewed.
7) Input passed via the "username" POST parameter to users/remind_password.php, "days" POST parameter to stats/index.php, and "login" POST parameters to users/register.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are confirmed in version 2.8.1. Other versions may also be affected.
|
