Fork CMS 3.2.7 Multiple HTML Code Injection Vulnerabilities

Title: Fork CMS 3.2.7 Multiple HTML Code Injection Vulnerabilities
Advisory ID: ZSL-2012-5076
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 06.03.2012
Summary
Fork is an open source cms that will rock your world.
Description
Fork CMS suffers from multiple XSS vulnerabilities when parsing user input to several parameters in different scripts, via POST and GET methods. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.
Vendor
Fork CMS - http://www.fork-cms.com
Affected Version
3.2.7 and 3.2.6
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
PHP 5.3.9
MySQL 5.5.20
Vendor Status
[04.03.2012] Vendor notified.
[06.03.2012] Public security advisory released.
[12.03.2012] Vendor releases version 3.3.0 and 3.3.1 to address these issues.
PoC
forkcms_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://forkcms.lighthouseapp.com/projects/61890/tickets/277-multiple-cross-site-scripting-xss-vulnerabilities-in-fork-cms-327
[2] http://cxsecurity.com/issue/WLB-2012030037
[3] http://packetstormsecurity.org/files/110459
[4] http://secunia.com/advisories/48067
[5] http://exploitsdownload.com/exploit/na/fork-cms-327-cross-site-scripting
[6] http://www.securityfocus.com/bid/52319
[7] http://xforce.iss.net/xforce/xfdb/73751
[8] https://github.com/forkcms/forkcms/commit/9127077c8df255aaab487e54f914858763947180#diff-0
[9] https://github.com/forkcms/forkcms/commit/bdeb2c4c91aea3e45cc6e09ba7ff90ed008673d0#diff-0
[10] http://www.osvdb.org/show/osvdb/80059
[11] http://www.osvdb.org/show/osvdb/80060
[12] http://www.osvdb.org/show/osvdb/80061
[13] http://www.osvdb.org/show/osvdb/80062
[14] http://www.osvdb.org/show/osvdb/80063
[15] http://www.osvdb.org/show/osvdb/80064
Changelog
[06.03.2012] - Initial release
[07.03.2012] - Added reference [3], [4], [5] and [6]
[10.03.2012] - Added reference [7]
[12.03.2012] - Added vendor status and reference [8] and [9]
[16.03.2012] - Added reference [10], [11], [12], [13], [14] and [15]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk