SecurityvulnsSECURITYVULNS:DOC:11708[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php
[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php
KAPDA New advisory
Vulnerable products : Runcms 1.x
Vendor: www.runcms.org
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi
roozbeh[at]yahoo[dot]com
www.kapda.ir
www.persiax.com
Date :
Found : N/A
Vendor Contacted : N/A
About :
"Runcms Includes most things a webmaster would expect from a cms: downloads,links, tutorials section, polls,
forums, news, faq, contact form,rss feeds,file uploads, blogging via xml-rpc, & more. Possibility to manage
users as
groups with module/block specific access permissions, and extend functioa-lity via 3rd party module
plug-ins. Has a simple yet good themability.
Easy enough to use for users, while staying simple enough to extend & customize for coders." (from
runcms.org)
Vulnerability:
Cross_Site_Scripting :
RUNCMS is affected by a cross-site scripting vulnerability. This issue is due to the failure of the
application to properly sanitize user-
supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link
containing script code that will be executed in the browser of an unsuspecting user when followed.
Detail and PoC :
Please view original advisory for more info.
Solution :
N/A
Original Advisory :
http://www.kapda.ir/advisory-280.html
Credit :
Discoverd by Roozbeh Afrasiabi
roozbeh_afrasiabi[at]yahoo.com
Kapda
Security Science Researchers Insitute
www.kapda.ir
www.persiax.com