SocialCMS <= 1.0.2 XSS (Persistent and Reflected) Vulnerabilities

SocialCMS 1.0.2 (and lower) is prone to a persistent XSS vulnerability due to an improper input sanitization of  “TR_title” parameter, passed to “my_admin/admin1_list_pages.php” via http POST method. Exploiting this vulnerability an authenticated user – which is able to publish an article – could insert arbitrary code in web management interface “Title” field – under “my_admin/admin1_list_pages.php?id=<page_id>&action=edit” – that will be executed when an administrator – or another user – will browse that web page.

Improper input sanitization of “TR_title” parameter causes also a Reflected XSS for the user which inserts html/javascript code.

MITRE CVE Numbering Authority assigned me CVE-2012-1982 for this vulnerability.

To view my Original Advisory:
SocialCMS 1.0.2 XSS (Persistent and Reflected) Advisory

Other related publications:
http://secunia.com/advisories/44313
http://osvdb.org/show/osvdb/80794
http://xforce.iss.net/xforce/xfdb/74540
http://xforce.iss.net/xforce/xfdb/74541
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1982
http://www.us-cert.gov/cas/bulletins/SB12-100.html
http://packetstormsecurity.org/files/111409/SocialCMS-1.0.2-Cross-Site-Scripting.html
http://www.securelist.com/en/advisories/44313
http://1337day.com/exploits/17895
http://www.cvedetails.com/cve/CVE-2012-1982/

SyndeoCMS <= 3.0.01 Persistent XSS

SyndeoCMS 3.0.01 (and lower) is prone to a persistent XSS vulnerability due to an improper input sanitization of  “email” parameter, passed to server side logic (path: “starnet/index.php”) via http POST method.
Exploiting this vulnerability an authenticated user – which is able to change his profile settings – could insert arbitrary code in “Site email” field that will be executed when another admin or user clicks on that user’profile.

MITRE CVE Numbering Authority assigned me CVE-2012-1979 for this vulnerability.

To view my Original Advisory:
SyndeoCMS <= 3.0.01 Persistent XSS Advisory

Other related publications:
http://osvdb.org/show/osvdb/80746
http://www.securityfocus.com/bid/52840
http://xforce.iss.net/xforce/xfdb/74545
http://packetstormsecurity.org/files/111405/SyndeoCMS-3.0.01-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/18686/
http://1337day.com/exploits/17894
http://www.thecybernuxbie.com/exploit-report/syndeocms-3-0-01-persistent-xss-vulnerability.aspx