KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability

Title: KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability
Advisory ID: ZSL-2012-5100
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 23.08.2012
Summary
KindEditor is an open source online HTML editor, mainly used to give a site's users WYSIWYG editing. Developers can use it to replace the traditional multi-line text input box (textarea) with a rich visual text input box.
Description
KindEditor is prone to a reflected cross-site scripting vulnerability. The issue is caused by the application failing to properly sanitize user-supplied input passed through the 'name' parameter to the 'index.php' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

--------------------------------------------------------------------------------

/index.php:
-----------
14: editor = K.create('textarea[name="<?php echo $name; ?>"]', {

--------------------------------------------------------------------------------
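A hardened form of the line shown above, as an added example that is not KindEditor's or the advisory's own code. It assumes index.php fills $name from the 'name' request parameter; safe_field_name() and js_selector_literal() are hypothetical helpers. The value is first restricted to an allow-list, then encoded for the JavaScript string context it is written into.

```php
<?php
// Added example, not KindEditor or advisory code.
// Assumption: index.php fills $name from the 'name' request parameter.

// Hypothetical helper: accept only a plain identifier, else use a default.
function safe_field_name($raw, $default = 'content')
{
    if (is_string($raw) && preg_match('/\A[A-Za-z][A-Za-z0-9_-]{0,63}\z/', $raw) === 1) {
        return $raw;
    }
    return $default;
}

// Hypothetical helper: build the selector and emit it as a JavaScript string
// literal. The JSON_HEX_* flags escape <, >, &, ' and " as \uXXXX, so the
// value cannot close the string or the surrounding <script> element.
function js_selector_literal($name)
{
    $selector = 'textarea[name="' . $name . '"]';
    return json_encode($selector, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

$name = safe_field_name(isset($_GET['name']) ? $_GET['name'] : null);
?>
<textarea name="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>"></textarea>
<script>
// K is the KindEditor object provided by the page's surrounding script.
// The selector arrives as a complete, already-quoted JS string literal.
editor = K.create(<?php echo js_selector_literal($name); ?>, {});
</script>
```

Each output context gets its own encoder: htmlspecialchars() for the HTML attribute, json_encode() for the script block. The allow-list alone would stop the reflected value, and the encoding keeps the output safe if that list is later relaxed.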

Vendor
Shanghai Hao Yue Software Co., Ltd. - http://www.kindeditor.net
Affected Version
4.1.2 and 4.0.6
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a
Vendor Status
N/A
PoC
kindeditor_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/115819
[2] http://cxsecurity.com/issue/WLB-2012080210
[3] http://www.securityfocus.com/bid/55172
[4] http://xforce.iss.net/xforce/xfdb/77951
Changelog
[23.08.2012] - Initial release
[24.08.2012] - Added reference [3]
[26.08.2012] - Added reference [4]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk