TGS Content Management Multiple Vulnerabilities

vendor:

Content Management

by:

SecurityFocus

7.5

CVSS

HIGH

HTML-injection and Cross-site Scripting

79,8

CWE

Product Name: Content Management

Affected Version From: 0.3.2r2

Affected Version To: 0.3.2r2

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

TGS Content Management Multiple Vulnerabilities

TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30157/info
 
TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
 
TGS Content Management 0.3.2r2 is vulnerable; other versions may also be affected.

http://www.example.com/cms/login.php?previous_page=/cms/index.php?msg=">/><script>alert(/xs/)</script>
http://www.example.com/cms/login.php?previous_page=/cms/index.php?goodmsg=">/><script>alert(/xs/)</script>