# Ariko-Security: Security Audits
# Advisory: 741/2010

# 19.10.2010

============ { Ariko-Security - Advisory #4/10/2010 } =============

UGAL CMS multiple vulnerabilities

Vendor's Description of Software:
# http://www.ugal.com/

Dork:
# N/A

Application Info:
# Name: UGAL CMS
# Version: latest

Vulnerability Info:
# Type: multiple XSS, multiple link injections, multiple iFrame injections, DOM based XSS

Time Table:
# 06/10/2010 - Vendor informed.

Fix:
# n/a

Input passed to the "userEmail" and "redirectTo" parameters in /login is not properly
sanitised before being returned to the user (XSS, link injection, iFrame injection).

Input passed to the "redirectTo" parameter in /login is not properly
sanitised before being returned to the user (DOM-based XSS).

Solution:
# Input validation of all vulnerable parameters should be corrected.

Sample DOM based XSS:

submitButton=Login&submitAction=login&redirectTo=%2F%23%3Cscript%3Ewindow.open%28%27http%3A%2F%2FDOMXSS%2F%27%29%3C%2Fscript%3E
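The fix the Solution section calls for, as an added example that is not part of the advisory or of UGAL CMS (whose implementation language is not stated here): the "redirectTo" value is restricted to a same-origin path before it is reused, and "userEmail" is output-encoded before it is reflected. The function names, the form markup and the server-side placement are assumptions; the sample value is the advisory's own redirectTo payload, URL-decoded.

```python
import html
from urllib.parse import unquote, urlsplit

# Constructed sample: the advisory's redirectTo payload, URL-decoded.
# It becomes "/#<script>window.open('http://DOMXSS/')</script>".
SAMPLE_REDIRECT = unquote(
    "%2F%23%3Cscript%3Ewindow.open%28%27http%3A%2F%2FDOMXSS%2F%27%29%3C%2Fscript%3E"
)

# Conservative allow-list for a relative redirect target: path and query only.
ALLOWED_CHARS = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/-_.~?=&"
)


def safe_redirect_target(value: str, default: str = "/") -> str:
    """Return a redirect target that is safe to place in a Location header
    or back into the page: a same-origin absolute path with no scheme, no
    host and no fragment. Anything else falls back to the default."""
    if not value or value[0] != "/" or value.startswith("//"):
        return default            # empty, relative, or protocol-relative ("//host")
    if not set(value) <= ALLOWED_CHARS:
        return default            # '#', '<', quotes, backslashes, ':' all rejected
    parts = urlsplit(value)
    if parts.scheme or parts.netloc or parts.fragment:
        return default            # defence in depth; unreachable after the char check
    return value


def render_login_form(user_email: str, redirect_to: str) -> str:
    """Server-side rendering (hypothetical) of the two reflected parameters:
    validate redirectTo, then HTML-encode both values inside attributes."""
    target = html.escape(safe_redirect_target(redirect_to), quote=True)
    email = html.escape(user_email, quote=True)
    return (
        '<form method="post" action="/login">'
        f'<input type="hidden" name="redirectTo" value="{target}">'
        f'<input type="text" name="userEmail" value="{email}">'
        '<input type="submit" name="submitButton" value="Login">'
        "</form>"
    )


if __name__ == "__main__":
    print(safe_redirect_target(SAMPLE_REDIRECT))   # "/"
    print(render_login_form('"><script>alert(1)</script>', SAMPLE_REDIRECT))
```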

Credit:
# Discovered By: Ariko-Security 2010