Webmedia Explorer 6.13.2 multiple security vulnerabilities

There are multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities in Webmedia Explorer 6.13.2 which may allow an attacker to take control of the software if a user with admin privileges browses a malicious page.

Software

Software Link: Webmedia Explorer 6.13.2

Vulnerable Version: <= 6.13.2

Default Credentials: Admin/changeme

Vendor Notification: marc.salmurri@gmail.com at 2010-11-05 12:22AM

# No reply from vendor by 2010-11-13 # Advisory released.

Fingerprint

A WhatWeb plugin for Webmedia Explorer is available.

Vulnerabilities

# Cross-Site Scripting (XSS) # <= 6.13.2 # Unpatched

The "tag", "dir", "action" and "image" parameters of "/index.php" are vulnerable to Cross-Site Scripting (XSS) :

The "background" and "theme" parameters of "/index.php" are vulnerable to Cross-Site Scripting (XSS) :

# Cross-Site Request Forgery (CSRF) # <= 6.13.2 # Unpatched

This URL will add a JavaScript XSS payload to the user's cookie on demo.webmediaexplorer.com which is then executed for every page the victim visits on demo.webmediaexplorer.com.
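Since both issues are unpatched, one way to spot attempts against an installation is to scan the web server access log for markup in the parameters named above. The following is an added example, not part of the original advisory or the vendor's code; it assumes Apache/nginx combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters of /index.php that the advisory lists as vulnerable.
WATCHED_PARAMS = {"tag", "dir", "action", "image", "background", "theme"}
# Markup characters or a script URL scheme inside one of those values.
MARKUP = re.compile(r'[<>"]|javascript\s*:', re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still seen."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def suspicious_params(log_line):
    """Return the watched parameter names that carry markup in this request."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Assumption: directory requests ("/") are served by index.php.
    if not url.path.endswith(("/index.php", "/")):
        return []
    return [name.lower()
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name.lower() in WATCHED_PARAMS and MARKUP.search(decode(value))]

def scan(lines):
    """Return (line_number, parameter_names) for every flagged log line."""
    hits = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, params) for n, params in hits if params]

# Constructed sample log lines (documentation IP addresses, harmless markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Nov/2010:10:01:02 +0000] "GET /index.php?dir=holiday&tag=beach HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Nov/2010:10:02:11 +0000] "GET /index.php?theme=%22%3E%3Cscript%3E HTTP/1.1" 200 5310 "http://other.example/" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Nov/2010:10:02:40 +0000] "GET /index.php?image=%253Cb%253E HTTP/1.1" 200 5290 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [13/Nov/2010:10:03:00 +0000] "GET /static/app.js?tag=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, params in scan(SAMPLE_LOG):
        print(f"line {line_no}: markup in {', '.join(params)}")
```

A hit on "background" or "theme" deserves priority, because the advisory notes that such a value ends up in the victim's cookie and runs on every later page view. The combined log format does not record cookies or POST bodies, so this check only covers payloads delivered in the query string.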
