Bitweaver CMS Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	17406
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 07 2006 12:00AM
Updated:	Jun 19 2006 04:45PM
Credit:	KaDaL-X is credited with the discovery of this vulnerability.
Vulnerable:	Bitweaver Bitweaver 1.3
Not Vulnerable:

Bitweaver CMS Multiple Cross-Site Scripting Vulnerabilities

Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. Thess issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Bitweaver CMS Multiple Cross-Site Scripting Vulnerabilities

These issues can be exploited through a web client.

Example URIs have been provided:

• /data/vulnerabilities/exploits/bitweaver-sql-inj.txt
• /data/vulnerabilities/exploits/bitweaver-sql-inj2.txt

Bitweaver CMS Multiple Cross-Site Scripting Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected].

Bitweaver CMS Multiple Cross-Site Scripting Vulnerabilities

References:

• Bitweaver Homepage (bitweaver)
  
• bitweaver <= v1.3 multiple vulnerabilities ([email protected])