Westpoint Security Advisory
---------------------------

Title:         Ektron CMS400.NET Cross-Site Scripting Vulnerability
Risk Rating:   Medium
Platforms:     ASP.net (Windows)
Discovered by: Richard Moore and Rohan Stelling
Author:        Paul Jones
Date:          06 Oct 2009
Advisory ID#:  wp-09-0005
URL:           http://www.westpoint.ltd.uk/advisories/wp-09-0005.txt
CVE:

Overview
--------

A number of pages in the Ektron CMS400.NET WorkArea include client-supplied
data without correctly quoting it, resulting in the ability to perform
cross-site scripting attacks using the site.

Details
-------

The exploit can be demonstrated with the following URLs:

http://www.example.com/WorkArea/reterror.aspx?info=

http://www.example.com/workarea/medialist.aspx?action=ViewLibraryByCategory&selectids='; alert('Vulnerable');//

Impact
------

This flaw allows a potential attacker to inject malicious JavaScript or HTML
code, which will run at the same trust level as the server. This may enable
them to steal session cookies, form details, or other information.

Timeline
--------

17 Jul 2008 Ektron informed of the vulnerability
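
Added example (not part of the original advisory and not Ektron or Westpoint code): a log check for requests to the two WorkArea pages named under Details whose info or selectids value fails an allow-list. The three-field log layout, the sample lines and the assumption that selectids is normally a comma-separated list of numeric ids are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Page (lower-cased; the advisory uses both "WorkArea" and "workarea") ->
# (parameter, pattern that a harmless value fully matches).
WATCHED = {
    # info: free text, but no characters that open markup or close a quoted string.
    "/workarea/reterror.aspx": ("info", re.compile(r"""[^<>"']*""")),
    # Assumption: selectids is normally a comma-separated list of numeric ids.
    "/workarea/medialist.aspx": ("selectids", re.compile(r"(\d+(,\d+)*)?")),
}


def suspicious_params(path, query):
    """Return decoded values of watched parameters that fail their allow-list."""
    # Unwatched pages yield param None, which no query key can equal.
    param, allowed = WATCHED.get(path.lower(), (None, None))
    hits = []
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if key.lower() != param:
            continue
        for value in values:
            # parse_qs decoded once; decode again to catch double-encoded input.
            decoded = unquote_plus(value)
            if not allowed.fullmatch(decoded):
                hits.append((param, decoded))
    return hits


def scan(log_lines):
    """Scan 'METHOD path query' lines; return (line_no, param, value) findings."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        fields = line.split()
        if len(fields) >= 3:
            for param, value in suspicious_params(fields[1], fields[2]):
                findings.append((number, param, value))
    return findings


# Constructed sample lines (method, URI stem, URI query), not real traffic.
SAMPLE = [
    "GET /WorkArea/medialist.aspx action=ViewLibraryByCategory&selectids=12,15",
    "GET /workarea/medialist.aspx action=ViewLibraryByCategory"
    "&selectids=%27%3B+alert(%27Vulnerable%27)%3B%2F%2F",
    "GET /WorkArea/reterror.aspx info=Page+not+found",
    "GET /WorkArea/reterror.aspx info=%253Cb%253Ex",
]
```

scan(SAMPLE) flags lines 2 and 4; real web server logs carry more fields, so the field positions in scan() need adjusting to the log format in use.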