Micro CMS: Cross-site Scripting Vulnerability

Users of Micro CMS, please be advised that a cross-site scripting vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

SecPod 1004: Micro CMS Cross-site Scripting
Affected Software:
Micro CMS 1.0 beta 1 and prior

Technical Description:
Micro CMS is prone to a persistent cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Input passed via the ‘name’ parameter (and also the text area) in the comment section to “comments/send/” is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of a vulnerable site. This may allow the attacker to steal cookie-based authentication credentials and to launch further attacks.
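
The flaw class described above and its output-encoding fix, as an added example in Python (not part of the advisory and not Micro CMS code). The `Comment` type, the render functions, the tag check and the sample values are hypothetical and constructed for illustration.

```python
import html
from dataclasses import dataclass
from html.parser import HTMLParser

@dataclass
class Comment:
    name: str  # the 'name' parameter sent to comments/send/
    text: str  # the comment text-area body

def render_unsafe(c: Comment) -> str:
    # Flawed pattern: stored input is interpolated into the page as-is.
    return f'<div class="comment"><b>{c.name}</b><p>{c.text}</p></div>'

def render_escaped(c: Comment) -> str:
    # Fix: HTML-encode both fields at output time.
    name = html.escape(c.name, quote=True)
    text = html.escape(c.text, quote=True)
    return f'<div class="comment"><b>{name}</b><p>{text}</p></div>'

# Tags the (hypothetical) comment template itself emits.
TEMPLATE_TAGS = {"div", "b", "p"}

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)

def injected_tags(page: str) -> list:
    """Regression check: tags in the output that the template never emits."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return sorted(collector.tags - TEMPLATE_TAGS)

# Constructed sample: harmless markers standing in for stored hostile input.
SAMPLE = Comment(name="<script>alert(1)</script>",
                 text="hi <img src=x onerror=alert(1)>")

if __name__ == "__main__":
    print("unsafe :", injected_tags(render_unsafe(SAMPLE)))
    print("escaped:", injected_tags(render_escaped(SAMPLE)))
```

The tag check only flags tags outside the template's own set, so it works as a regression test for the render path and not as an input filter.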
