# Ariko-Security: Security Audits, Audyt bezpieczeństwa
# Advisory: 14/2011

============ { Ariko-Security - Advisory #1/4/2011 } =============

BIGACE CMS multiple vulnerabilities: HPP, XSS

Vendor's description of software and demo:
# http://www.bigace.de/

Dork:
# N/a

Application Info:
# Bigace 2.7.5

Vulnerability Info:
# Type: XSS, HPP

Time Table:
# 21/02/2011 - Vendor notified

XSS:
# Input passed to the "language" and "type" parameters in index.php is not properly sanitised before being returned to the user.

HPP:
# index.php returns different responses for the original and for incorrect values of added parameters.

Solution:
# Input validation of vulnerable parameters should be corrected.
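
One way to apply this input validation to the "language" and "type" parameters while also refusing repeated parameters, as an added example that is not Bigace's code or part of the original advisory. The allowed type values, the defaults, the language-code pattern and the function names are assumptions.

```php
<?php
// Added example: strict handling of the "language" and "type" query parameters.
// ALLOWED_TYPES, the defaults and the language pattern are assumptions, not Bigace values.
const ALLOWED_TYPES = ['page', 'image', 'file'];

// Parse a raw query string; reject repeated names and array syntax (parameter pollution).
function parse_query_strict(string $raw): array
{
    $params = [];
    foreach (explode('&', $raw) as $pair) {
        if ($pair === '') {
            continue;
        }
        $parts = explode('=', $pair, 2);
        $name  = urldecode($parts[0]);
        $value = urldecode($parts[1] ?? '');
        if (strpos($name, '[') !== false || array_key_exists($name, $params)) {
            throw new InvalidArgumentException('duplicate or array parameter');
        }
        $params[$name] = $value;
    }
    return $params;
}

// Validate the two parameters named in the advisory against strict formats.
function validated_params(string $raw): array
{
    $p = parse_query_strict($raw);
    $language = $p['language'] ?? 'en';
    $type     = $p['type'] ?? 'page';
    if (!preg_match('/\A[a-z]{2}(_[A-Z]{2})?\z/', $language)) {
        throw new InvalidArgumentException('invalid language');
    }
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('invalid type');
    }
    return ['language' => $language, 'type' => $type];
}

// Constructed sample inputs: a normal request, markup in "language", a repeated "type".
foreach (['language=en&type=page', 'language=%3Cb%3Ex', 'type=page&type=x'] as $q) {
    try {
        $v = validated_params($q);
        // Encode on output even after validation.
        echo htmlspecialchars($v['language'] . '/' . $v['type'], ENT_QUOTES, 'UTF-8'), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Reading the raw query string matters here because PHP's $_GET keeps only the last value of a repeated name, so the repetition would otherwise go unnoticed.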

Credit:
# Discovered by: Ariko-Security 2011