DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities

Title: DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities
Advisory ID: ZSL-2011-5006
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 03.04.2011
Summary
DoceboLMS is a SCORM compliant Open Source e-Learning platform used in corporate, government and education markets.
Description
DoceboLMS suffers from multiple stored XSS vulnerabilities pre and post auth. Input thru the POST parameters 'name', 'code' and 'title' in index.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site. URI based XSS vulnerabilities are also present.
Vendor
Docebo - http://www.docebo.org
Affected Version
4.0.4 CE
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
N/A
PoC
docebo_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/17110/
[2] http://securityreason.com/exploitalert/10272
[3] http://secunia.com/advisories/43972/
[4] http://packetstormsecurity.org/files/100033
[5] http://www.securityfocus.com/bid/47150
[6] http://osvdb.org/show/osvdb/71455
[7] http://www.vupen.com/english/advisories/2011/0868
[8] http://xforce.iss.net/xforce/xfdb/66550
Changelog
[03.04.2011] - Initial release
[04.04.2011] - Added reference [1], [2], [3] and [4]
[05.04.2011] - Added reference [5], [6] and [7]
[07.04.2011] - Added reference [8]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk