Acuity CMS 2.6.x <= Cross Site Scripting
1. OVERVIEWAcuity CMS 2.6.x (ASP-based) versions are vulnerable to Cross Site Scripting.
2. BACKGROUNDAcuity CMS is a powerful but simple, extremely easy to use, low
priced, easy to deploy content management system. It is a leader in
its price and feature class.
3. VULNERABILITY DESCRIPTION"UserName" parameter is not properly sanitized upon submission to the
URL, /admin/login.asp , which allows attacker to conduct Cross Site
Scripting attack. This may allow an attacker to create a specially
crafted URL that would execute arbitrary script code in a victim's
browser.
4. VERSIONS AFFECTEDTested in version 2.6.2.
5. PROOF-OF-CONCEPT/EXPLOIThttp://localhost/admin/login.asp?UserName="><script>prompt(/xss/)</script>
6. SOLUTIONThe Acunity CMS is no longer in active development.
It is recommended to user another CMS in active development and support.
7. VENDORThe Collective
http://www.thecollective.com.au/
8. CREDITAung Khant, http://yehg.net, YGN Ethical Hacker Group, Myan…
2. BACKGROUNDAcuity CMS is a powerful but simple, extremely easy to use, low
priced, easy to deploy content management system. It is a leader in
its price and feature class.
3. VULNERABILITY DESCRIPTION"UserName" parameter is not properly sanitized upon submission to the
URL, /admin/login.asp , which allows attacker to conduct Cross Site
Scripting attack. This may allow an attacker to create a specially
crafted URL that would execute arbitrary script code in a victim's
browser.
4. VERSIONS AFFECTEDTested in version 2.6.2.
5. PROOF-OF-CONCEPT/EXPLOIThttp://localhost/admin/login.asp?UserName="><script>prompt(/xss/)</script>
6. SOLUTIONThe Acunity CMS is no longer in active development.
It is recommended to user another CMS in active development and support.
7. VENDORThe Collective
http://www.thecollective.com.au/
8. CREDITAung Khant, http://yehg.net, YGN Ethical Hacker Group, Myan…