Qool CMS Multiple HTML Injection Vulnerabilities

Bugtraq ID:	58328
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 05 2013 12:00AM
Updated:	Mar 05 2013 12:00AM
Credit:	Gjoko Krstic
Vulnerable:	Qool CMS Qool CMS 2.0 RC2
Not Vulnerable:

Qool CMS Multiple HTML Injection Vulnerabilities

Qool CMS is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks may also be possible.

Qool CMS 2.0 RC2 is vulnerable; other versions may also be affected.

Qool CMS Multiple HTML Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example code is available:

• /data/vulnerabilities/exploits/58328.html

Qool CMS Multiple HTML Injection Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Qool CMS Multiple HTML Injection Vulnerabilities

References:

• Qool CMS Home Page (Qool CMS)
  
• Qool CMS v2.0 RC2 Multiple HTML And JavaScript Injection Vulnerabilities (Gjoko Krstic)