Title: CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities
Advisory ID: ZSL-2013-5136
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 14.04.2013

Summary

CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into.

Description

CMSLogik suffers from multiple stored XSS vulnerabilities when parsing user input to several parameters via POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

Vendor

ThemeLogik - http://www.themelogik.com/cmslogik

Affected Version

1.2.1 and 1.2.0

Tested On

Router Webserver

Vendor Status

[05.04.2013] Vulnerability discovered.
[05.04.2013] Contact with the vendor.
[05.04.2013] Vendor replies asking more details.
[05.04.2013] Sent detailed information to the vendor.
[08.04.2013] Vendor confirms the issues promising patch.
[14.04.2013] Public security advisory released.

PoC

cmslogik_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://cxsecurity.com/issue/WLB-2013040105
[2] http://www.exploit-db.com/exploits/24959/
[3] http://packetstormsecurity.com/files/121303
[4] http://osvdb.org/show/osvdb/92322
[5] http://osvdb.org/show/osvdb/92323
[6] http://osvdb.org/show/osvdb/92324
[7] http://osvdb.org/show/osvdb/92325
[8] http://osvdb.org/show/osvdb/92326
[9] http://xforce.iss.net/xforce/xfdb/83429
[10] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-3535
[11] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3535

Changelog

[14.04.2013] - Initial release
[15.04.2013] - Added reference [1] and [2]
[16.04.2013] - Added reference [3], [4], [5], [6], [7] and [8]
[19.04.2013] - Added reference [9]
[14.05.2013] - Added reference [10] and [11]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk