[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php KAPDA New advisory Vulnerable products : Runcms 1.x Vendor: www.runcms.org Risk: Low Vulnerabilities: Cross_Site_Scripting Discoverd by Roozbeh Afrasiabi roozbeh[at]yahoo[dot]com www.kapda.ir www.persiax.com Date : -------------------- Found : N/A Vendor Contacted : N/A About : -------------------- "Runcms Includes most things a webmaster would expect from a cms: downloads,links, tutorials section, polls, forums, news, faq, contact form,rss feeds,file uploads, blogging via xml-rpc, & more. Possibility to manage users as groups with module/block specific access permissions, and extend functioa-lity via 3rd party module plug-ins. Has a simple yet good themability. Easy enough to use for users, while staying simple enough to extend & customize for coders." (from runcms.org) Vulnerability: -------------------- Cross_Site_Scripting : RUNCMS is affected by a cross-site scripting vulnerability. This issue is due to the failure of the application to properly sanitize user- supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. Detail and PoC : -------------------- Please view original advisory for more info. Solution : -------------------- N/A Original Advisory : -------------------- http://www.kapda.ir/advisory-280.html Credit : -------------------- Discoverd by Roozbeh Afrasiabi roozbeh_afrasiabi[at]yahoo.com Kapda Security Science Researchers Insitute www.kapda.ir www.persiax.com
