Toko Lite CMS 1.5.2 (EditNavBar.php) Multiple Parameters XSS POST Injection

Title: Toko Lite CMS 1.5.2 (EditNavBar.php) Multiple Parameters XSS POST Injection
Advisory ID: ZSL-2011-5047
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 19.09.2011
Summary
Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system (CMS). It is advanced easy to use yet fully featured program that can be integrated with any existing site. It takes 2 minuets to install even for non technical users.
Description
Toko CMS suffers from a XSS vulnerability when parsing user input to the 'currPath' and 'path' parameters via POST method in 'editnavbar.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
Vendor
Toko - http://toko-contenteditor.pageil.net
Affected Version
1.5.2
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
N/A
PoC
tokocms_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/105217
[2] http://secunia.com/advisories/46044/
[3] http://www.securityfocus.com/bid/49673
[4] http://xforce.iss.net/xforce/xfdb/69903
[5] http://securityreason.com/wlb_show/WLB-2011090084
[6] http://osvdb.org/show/osvdb/75599
Changelog
[19.09.2011] - Initial release
[20.09.2011] - Added reference [3], [4] and [5]
[22.09.2011] - Added reference [6]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk