======================================================================
DEVWERKS SECURITY ADVISORY www.devwerks.net
======================================================================
devWerks Advisory ID: DW-2016-007
Application: UliCMS <= 9.8.5
Vendor: UliCMS
Subject: Cross-site Scripting - XSS
Author: Johannes Schroeter (j.schroeter@devwerks.net)
Date: 2016-10-15
======================================================================
Overview:
UliCMS is the ideal platform for developing small to medium-sized websites.
The software combines incomparable stability in an Open Source CMS environment
with low maintenance requirements and ease of use. With UliCMS you can use your
time as a webmaster for your project. You don't have to waste your time
maintaining your CMS. This internet-proven content management solution packs in
all the functionality your business needs today and in the future of the
Internet, including an Access Control List, good extensibility and WYSIWYG content
editing using CKEditor. It's the rock-solid content management solution you'd
expect from UliCMS.
devWerks discovered a security flaw in the UliCMS web application which allows
attacker-supplied script to be executed in the browser of a user viewing the
affected page.
======================================================================
Details:
This particular vulnerability exists within the application's profile view
function (the admin user edit form) and is due to improper input sanitization
combined with missing output encoding: the stored profile fields are echoed into
the page unescaped. For example, JavaScript could be added to one of these fields
and, because of the lack of input sanitization/validation, the JavaScript would
execute within the context of the UliCMS web application whenever the profile
is viewed.
Code:
ulicms/admin/inc/admins_edit.php
line 34:
    echo $row->username;
line 46:
    echo $row->lastname;
line 51:
    echo $row->firstname;
line 57:
    echo $row->email;
line 132:
    value="<?php echo $row->homepage?>">
    value="<?php echo $row->twitter?>">
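The pattern above reduced to a runnable stand-in, as an added example that is not UliCMS code and not part of the original advisory: a constructed $row with the field names from the listing, the vulnerable raw-echo rendering next to a hardened rendering, and a small check that the stored value no longer reaches the page verbatim. The helper name e() and the function names are assumptions chosen for this example.

```php
<?php
// Added example, not UliCMS code: a minimal stand-in for the admin edit form
// pattern shown in the advisory (echoing $row fields straight into HTML) next
// to a hardened version. Field names follow the advisory; values are constructed.
declare(strict_types=1);

// Constructed sample record, as it might be read back from the users table.
$row = (object) [
    'username'  => 'alice',
    'firstname' => 'Alice',
    'lastname'  => '<script>alert(1)</script>',       // stored script in a text field
    'email'     => 'alice@example.invalid',
    'homepage'  => '"><script>alert(1)</script>',     // closes the value="..." attribute
    'twitter'   => 'alice',
];

/**
 * Output encoding for HTML text and double-quoted attribute contexts.
 * ENT_QUOTES also encodes ' so the same helper is safe in single-quoted
 * attributes; ENT_SUBSTITUTE keeps invalid UTF-8 from yielding an empty string.
 */
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Mirrors the advisory's vulnerable pattern: raw echo of database fields. */
function render_vulnerable(object $row): string
{
    return '<td>' . $row->lastname . "</td>\n"
         . '<input type="text" name="homepage" value="' . $row->homepage . "\">\n";
}

/** Hardened pattern: every interpolation into markup goes through e(). */
function render_hardened(object $row): string
{
    return '<td>' . e($row->lastname) . "</td>\n"
         . '<input type="text" name="homepage" value="' . e($row->homepage) . "\">\n";
}

/**
 * Regression check a reviewer can run: the stored value must not appear
 * verbatim in the rendered page (after encoding, '<' and '"' are gone).
 */
function payload_survives(string $html, string $payload): bool
{
    return strpos($html, $payload) !== false;
}

$vulnerable = render_vulnerable($row);
$hardened   = render_hardened($row);

echo "--- vulnerable output ---\n", $vulnerable;
echo "--- hardened output ---\n", $hardened;

printf("vulnerable leaks stored value: %s\n", payload_survives($vulnerable, $row->homepage) ? 'yes' : 'no');
printf("hardened leaks stored value:   %s\n", payload_survives($hardened, $row->homepage) ? 'yes' : 'no');
```

Run it with `php example.php`; the vulnerable branch emits the stored value unchanged, the hardened branch emits `&quot;&gt;&lt;script&gt;...`. htmlspecialchars() with ENT_QUOTES is the right encoder for HTML body text and quoted attribute values, which is the context of every line in the listing; a value placed into an href, an inline event handler or a script block needs a context-specific encoder instead, so the fix is to encode at each output point rather than to filter once on input.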
======================================================================
Timeline:
2016-10-02: Vendor notified
2016-10-02: Vendor response
2016-10-06: Vulnerability details sent to vendor
2016-10-06: Vendor confirmed security issue
2016-10-09: Release of patches for current supported versions 9.0.1, 9.8.4 and 9.8.5
2016-10-15: Public release of this advisory
======================================================================
Recommendation:
It is recommended to install the latest patch.
Grab your copy at:
http://www.ulicms.de/
======================================================================
References:
http://www.ulicms.de
http://devwerks.net
http://en.ulicms.de/aktuelles.html?single=xss-security-issue-in-user-edit-form-fixed