Webessence CMS 'type' Parameter Cross-Site Scripting Vulnerability

Bugtraq ID:	39617
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 12 2010 12:00AM
Updated:	Apr 12 2010 12:00AM
Credit:	Russ McRee
Vulnerable:	Webessence Webessence CMS 1.0
Not Vulnerable:	Webessence Webessence CMS 1.0.2

Webessence CMS 'type' Parameter Cross-Site Scripting Vulnerability

Webessence CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and to launch other attacks.

Webessence CMS 1.0 is vulnerable; other versions may also be affected.

Webessence CMS 'type' Parameter Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Webessence CMS 'type' Parameter Cross-Site Scripting Vulnerability

Solution:
Updates are available. Please see the references for more information.


Webessence Webessence CMS 1.0

• Webessence Webessence CMS.zip
  http://www.webessence.nl/webessence/uploads/other/webessence-cms.zip

Webessence CMS 'type' Parameter Cross-Site Scripting Vulnerability

References:

• Webessence CMS (Webessence )
  
• Webessence CMS Homepage (Webessence)
  
• Webessence CMS Homepage (HolisticInfoSec)