PowerPortal v1.1b Cross-Site Scripting Vulnerability Critical: Less critical Impact: Cross Site Scripting Where: From remote Software: PowerPortal v1.1b Description: Cross-Site Scripting attack in this CMS can be exploited by malicious users. The vulnerabilities are caused due to missing validation of input supplied in the search box forum in the main page. This can be exploited by including arbitrary HTML or script code in the parameter, which will cause it to be executed in a user's browser session when viewed. Example: <script>alert(document.domain);</script> This vulnerabilities have been reported in PowerPortal v1.1b (http://powerportal.sourceforge.net) Vendor has been warned about this. Solution: Filter malicious input in a HTTP proxy or firewall with URL filtering capabilities. Reported by / credits: David Sopas Ferreira @ systemsecure.org
