Title: Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities
Advisory ID: ZSL-2012-5085
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 20.04.2012

Summary

Anchor is a content management system, written in PHP5, built for art-directed posts.

Description

Anchor CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Vendor

Team Anchor - http://www.anchorcms.com

Affected Version

0.6-14-ga85d0a0

Tested On

Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
PHP 5.3.8
MySQL 5.5.20

Vendor Status

[20.04.2012] Vendor has some knowledge about the issues.
[01.05.2012] Vendor releases fix.

PoC

anchorcms_xss.html

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://github.com/anchorcms/anchor-cms/issues/106
[2] http://packetstormsecurity.org/files/112062
[3] http://www.securityfocus.com/bid/53181
[4] http://cxsecurity.com/issue/WLB-2012040183
[5] http://www.osvdb.org/show/osvdb/81293
[6] http://www.osvdb.org/show/osvdb/81294
[7] http://www.osvdb.org/show/osvdb/81295
[8] http://www.osvdb.org/show/osvdb/81296
[9] http://www.osvdb.org/show/osvdb/81297
[10] http://www.osvdb.org/show/osvdb/81298
[11] http://xforce.iss.net/xforce/xfdb/75061
[12] https://github.com/anchorcms/anchor-cms/tree/dev

Changelog

[20.04.2012] - Initial release
[21.04.2012] - Added reference [2] and [3]
[22.04.2012] - Added reference [4]
[23.04.2012] - Added reference [5], [6], [7], [8], [9] and [10]
[24.04.2012] - Added reference [11]
[01.05.2012] - Added vendor status and added reference [12]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk