SilverStripe Forums Module 'Search' Parameter XSS

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts a PHP application that is affected by a
cross-site scripting vulnerability.

Description :

The SilverStripe CMS install hosted on the remote web server includes
a version of the Forums module that is affected by a cross-site
scripting vulnerability. User input to the 'Search' parameter is not
sanitized before being used to generate dynamic HTML.

An attacker can exploit this flaw to execute arbitrary script code in a
user's browser.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html
http://www.silverstripe.org/silverstripe-2-3-5-released/
http://www.nessus.org/u?27db2eee

Solution :

Upgrade to SilverStripe Forums module 0.2.2 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 44332 ()

Bugtraq ID: 37923

CVE ID: CVE-2010-1593