[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php
[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php
KAPDA New advisory
Vulnerable products : Runcms 1.x
Vendor: www.runcms.org
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi
roozbeh[at]yahoo[dot]com
www.kapda.ir
www.persiax.com
Date :
--------------------
Found : N/A
Vendor Contacted : N/A
About :
--------------------
"Runcms Includes most things a webmaster would expect from a cms:
downloads,links, tutorials section, polls, forums, news, faq, contact form,rss
feeds,file uploads, blogging via xml-rpc, & more. Possibility to manage users as
groups with module/block specific access permissions, and extend functioa-lity
via 3rd party module plug-ins. Has a simple yet good themability.
Easy enough to use for users, while staying simple enough to extend & customize
for coders." (from runcms.org)
Vulnerability:
--------------------
Cross_Site_Scripting :
RUNCMS is affected by a cross-site scripting vulnerability. This issue is due
to the failure of the application to properly sanitize user-
supplied input.
As a result of this vulnerability, it is possible for a remote attacker to
create a malicious link containing script code that will be executed in the
browser of an unsuspecting user when followed.
Detail and PoC :
--------------------
Please view original advisory for more info.
Solution :
--------------------
N/A
Original Advisory :
--------------------
http://www.kapda.ir/advisory-280.html
Credit :
--------------------
Discoverd by Roozbeh Afrasiabi
roozbeh_afrasiabi[at]yahoo.com
Kapda
Security Science Researchers Insitute
www.kapda.ir
www.persiax.com