High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CruxCMS which could be exploited to perform cross-site scripting attacks.
Cross-site scripting (XSS) vulnerability in CruxCMS: CVE-2008-0700
The vulnerability exists due to an input sanitization error in the "search" parameter of search.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
http://host/search.php?search='"><script>alert(234)</script%3E
This vulnerability was independently discovered by Psiczn and was assigned CVE-2008-0700.
Cross-site scripting (XSS) vulnerability in CruxCMS: CVE-2010-2717
The vulnerability exists due to an input sanitization error in the "txtusername" HTTP POST parameter of login.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
<form method="POST" action="http://host/manager/login.php" name="main">
<input type=hidden name=txtusername value='"><script>alert(document.cookie)</script>'>
<input type=hidden name=txtpassword value=''>
<input type=hidden name=cmdSubmit value='Submit'>
</form>
<script>
document.main.submit();
</script>
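Both advisories describe the same defect: a request parameter ("search" in search.php, "txtusername" in login.php) reflected into the page without output encoding, so a leading '"> closes the attribute and the rest of the value is parsed as markup. The following is an added illustration, not CruxCMS code: it models the unencoded reflection beside the hardened form (attribute-context escaping, the equivalent of PHP's htmlspecialchars with ENT_QUOTES), using the two payloads from the advisory as constructed inputs; the rendered input element is an assumed template, not the real one.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed inputs taken from the advisory's two examples: the GET request
# as it travels on the wire (note the URL-encoded '>' at the end) and the
# POST field value set by the auto-submitting form.
GET_REQUEST = "http://host/search.php?search='\"><script>alert(234)</script%3E"
POST_FIELDS = {"txtusername": "'\"><script>alert(document.cookie)</script>"}


def search_param_from_url(url: str) -> str:
    """Decode the 'search' query parameter the way a PHP $_GET lookup would
    (percent-decoding turns the trailing %3E back into '>')."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("search", [""])[0]


def render_unescaped(value: str) -> str:
    """Models the defect: the value is placed inside an attribute with no
    encoding, so '"> terminates the attribute and the tag, and the
    <script> element that follows becomes part of the page. (Assumed
    template, not the real search.php markup.)"""
    return f'<input type="text" name="search" value="{value}">'


def render_escaped(value: str) -> str:
    """Hardened form: encode for the HTML attribute context. escape(quote=True)
    turns & < > " ' into entities, matching htmlspecialchars($v, ENT_QUOTES)."""
    return f'<input type="text" name="search" value="{escape(value, quote=True)}">'


def reflects_script_tag(rendered: str) -> bool:
    """Check used to compare the two renderings: did a raw <script> element
    from the input survive into the HTML the browser will parse?"""
    return "<script>" in rendered.lower()


if __name__ == "__main__":
    search = search_param_from_url(GET_REQUEST)
    for label, value in (("search", search), ("txtusername", POST_FIELDS["txtusername"])):
        print(label, "unescaped:", reflects_script_tag(render_unescaped(value)))
        print(label, "escaped:  ", reflects_script_tag(render_escaped(value)))
```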