Acuity CMS 2.6.x <= Cross Site Scripting
1. OVERVIEW Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION "UserName" parameter is not properly sanitized upon submission to the URL, /admin/login.asp , which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED Tested in version 2.6.2. 5. PROOF-OF-CONCEPT/EXPLOIT http://localhost/admin/login.asp?UserName= "><script>prompt(/xss/)</script> 6. SOLUTION The Acunity CMS is no longer in active development. It is recommended to user another CMS in active development and support. 7. VENDOR The Collective http://www.thecollective.com.au/ 8. CREDIT Aung Khant, http://yehg.net , YGN Et...