On Wed, Jan 12, 2011 at 03:51:15PM -0700, [email protected] wrote:
> [MajorSecurity SA-081] Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
>
> Details
> =============
> Product: Contao CMS 2.9.2
> Security-Risk: moderated
> Remote-Exploit: yes
> Vendor-URL: http://www.contao.org/
> Advisory-Status: published
>
> Credits
> =============
> Discovered by: David Vieira-Kurz
>
> Affected Products:
> =============
> Contao CMS 2.9.2
> Prior versions may also be vulnerable
>
> Description
> =============
> "Contao is an open source content management system (CMS) for people who want
> a professional internet presence that is easy to maintain." - from
> www.contao.org
>
> More Details
> =============
> I have discovered some vulnerabilities in Contao CMS 2.9.2, which can be
> exploited by malicious people to conduct persistent cross-site scripting
> attacks. Input passed directly over the "HTTP_X_FORWARDED_FOR" header in
> "/system/libraries/Environment.php" is not properly sanitised before being
> stored and returned to the user out from the
> "/system/modules/comments/Comments.php" file when the user browses the
> "/contao/main.php?do=comments" site. This can be exploited to execute
> arbitrary HTML and script code in a user's browser session in context of an
> affected site.
>
> Solution
> =============
> Update to the patched version 2.9.3.
>
> Timeline
> ================
> 2010-12-24, vendor informed ( see ticket 2751 )
> 2011-01-01, vendor confirmed the issue
> 2011-01-06, vendor released a patched version (2.9.3)
> 2011-01-12, advisory published
>
> Use of terms
> ================
> Unaltered electronic reproduction of this advisory is permitted. For all
> other reproduction or publication, in printing or otherwise, contact us for
> permission. Use of the advisory constitutes acceptance for use in an "as is"
> condition. All warranties are excluded. In no event shall MajorSecurity be
> liable for any damages whatsoever including direct, indirect, incidental,
> consequential, loss of business profits or special damages, even if
> MajorSecurity has been advised of the possibility of such damages.
CVE-2011-0508 - Henri Salo
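As an added illustration of the defensive pattern the quoted advisory implies (this is not Contao's code and not the vendor's 2.9.3 patch): treat X-Forwarded-For as untrusted input, accept it only from a known reverse proxy and only when it parses as an IP literal, and escape it again when rendering the stored value in the comments list. The helper names and the trusted-proxy list are assumptions.

```php
<?php
// Added example (not Contao's code or the vendor's patch). Helper names and
// the trusted-proxy list are assumptions made for this illustration.

/**
 * Client IP to store with a comment. X-Forwarded-For is attacker-controlled,
 * so it is honoured only when the request came through a configured reverse
 * proxy and only if it parses as an IP; otherwise REMOTE_ADDR is used, which
 * the web server sets from the TCP connection.
 */
function client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote; // no proxy in front of us: the header is meaningless
    }

    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // XFF is a comma-separated chain; the left-most entry is the original client.
    $first = trim(explode(',', $xff, 2)[0]);

    // Strict allow-list: anything that is not a valid IPv4/IPv6 literal is dropped.
    if ($first === '' || filter_var($first, FILTER_VALIDATE_IP) === false) {
        return $remote;
    }
    return $first;
}

/**
 * Escape on output too: data read back from the database is never trusted
 * when written into the back-end HTML, whatever validation ran on input.
 */
function render_ip_cell(string $ip): string
{
    return '<td>' . htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Constructed proxied request whose XFF header carries markup instead of an IP.
$server = [
    'REMOTE_ADDR'          => '10.0.0.2',
    'HTTP_X_FORWARDED_FOR' => '<b>not an ip</b>, 203.0.113.7',
];
echo render_ip_cell(client_ip($server, ['10.0.0.2'])), PHP_EOL; // header rejected, REMOTE_ADDR stored

// The same request with a well-formed header is accepted.
$server['HTTP_X_FORWARDED_FOR'] = '203.0.113.7';
echo render_ip_cell(client_ip($server, ['10.0.0.2'])), PHP_EOL;
```

Input validation alone is not enough in a case like this: the value is rendered in the back end long after it was stored, so the output-side escaping is what protects administrators if any other code path writes to the same column.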
