lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060304230553.21155.qmail@securityfocus.com>
Date: 4 Mar 2006 23:05:53 -0000
From: roozbeh_afrasiabi@...oo.com
To: bugtraq@...urityfocus.com
Subject: [KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in
 bigshow.php


[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php

KAPDA New advisory

Vulnerable products : Runcms 1.x 
Vendor:  www.runcms.org
Risk: Low 
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi
roozbeh[at]yahoo[dot]com
www.kapda.ir
www.persiax.com


Date :
--------------------
Found : N/A
Vendor Contacted : N/A

About :
--------------------
"Runcms Includes most things a webmaster would expect from a cms: downloads,links, tutorials section, polls, forums, news, faq, contact form,rss feeds,file uploads, blogging via xml-rpc, & more. Possibility to manage users as
groups with module/block specific access permissions, and extend functioa-lity via 3rd party module plug-ins. Has a simple yet good themability. 
Easy enough to use for users, while staying simple enough to extend & customize for coders." (from runcms.org) 


Vulnerability:
--------------------
Cross_Site_Scripting :

RUNCMS is affected by a  cross-site scripting  vulnerability. This issue is due to the failure of the application to properly sanitize user-
supplied input.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. 


Detail and PoC :
--------------------
Please view original advisory for more info.

Solution :
--------------------
N/A


Original Advisory :
--------------------
http://www.kapda.ir/advisory-280.html



Credit :
--------------------
Discoverd by Roozbeh Afrasiabi
roozbeh_afrasiabi[at]yahoo.com
Kapda
Security Science Researchers Insitute
www.kapda.ir
www.persiax.com 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ