Havalite CMS has a stored XSS vulnerability in the comments of blog posts. Example:
POST http://example.com/?p=1 "comment" with value %E2%80%9C%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
Tested in 1.1.7 (cbd391e913d04224225cf924a7fcb2b5), which was uploaded to sourceforge.net on 2012-11-07. I tried to
contact the vendor without response.
https://sourceforge.net/projects/havalite/files/
Some other notes:
- CVE-2012-5919 is still not fixed in version 1.1.7
- CVE-2012-5893 does not work without administrator privileges, but uploaded files are executed (for example PHP)
- Typos in "readme.html"
- 777 modes are not needed, even though they were used in several places. 711 is enough for content directories
I recommend not using this software until these vulnerabilities are fixed.
---
Henri Salo
henri@nerv.fi
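
The two hardening notes above (777 directory modes, and uploaded PHP files being executed) can be checked with a short audit script. This is an added example, not part of the original advisory or of Havalite; the content directory path and the extension list are assumptions.

```shell
#!/bin/sh
# Added example: audit a Havalite content directory (path is an assumption).
# Usage: sh audit.sh /path/to/content [--fix]

# Print directories under $1 whose mode is exactly 777.
list_777_dirs() {
    find "$1" -type d -perm 777 -print
}

# Print files under $1 that a PHP-enabled server may execute.
# The extension list is an assumption; match it to your handler config.
list_script_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' \
        -o -iname '*.php[0-9]' \) -print
}

# Change every 777 directory under $1 to 711 (the mode the advisory
# says is enough) and print how many were changed.
tighten_dirs() {
    # One dot per match, so names containing newlines are counted correctly.
    count=$(find "$1" -type d -perm 777 -exec printf . \; | wc -c)
    find "$1" -type d -perm 777 -exec chmod 711 {} +
    echo "$((count))"
}

if [ "$#" -gt 0 ]; then
    echo "777 directories:";      list_777_dirs "$1"
    echo "Script files present:"; list_script_uploads "$1"
    if [ "${2:-}" = "--fix" ]; then
        echo "Directories set to 711: $(tighten_dirs "$1")"
    fi
fi
```

Without `--fix` the script only reports; any script file it lists inside a content directory should be reviewed before it is left in place.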