ExpressionEngine core.input.php cross-site scripting
| expressionengine-coreinput-xss (24296) |  Medium Risk |
Description:
ExpressionEngine is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the core.input.php script which is called by index.php. A remote attacker could exploit this vulnerability using the HTTP header, HTTP_REFERER, to execute script in a victim's Web browser within the security context of the hosting Web site when the Referers Statistics is viewed. This will allow the attacker to steal the victim's cookie-based authentication credentials, including those of the administrator.
Consequences:
Gain Access
Remedy:
Refer to the ExpressionEngine Web site for patch information. See References.
References:
- eVuln Advisory EV0048: ExpressionEngine 'Referer' XSS Vulnerability.
- pMachine - Publish Your Universe Web site: ExpressionEngine.
- BID-16377: PMachine ExpressionEngine HTTP Referrer HTML Injection Vulnerability
- CVE-2006-0461: Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
- SA18602: ExpressionEngine Referer Script Insertion Vulnerability
- VUPEN/ADV-2006-0325: ExpressionEngine HTTP_REFERER Cross Site Scripting Vulnerability
Platforms Affected:
- EllisLab ExpressionEngine 1.4.1
Reported:
Jan 24, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net