Vendor: Alkacon Software
Vulnerable Versions: 8.5.1 and probably prior
Tested Version: 8.5.1
Vendor Notification: June 12, 2013
Vendor Fix: July 10, 2013
Public Disclosure: July 17, 2013
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2013-4600
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab
High-Tech Bridge Security Research Lab discovered 2 XSS vulnerabilities in OpenCms, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application.
1) Multiple Cross-Site Scripting (XSS) in OpenCms: CVE-2013-4600
1.1 The vulnerability exists due to insufficient sanitisation of user-supplied data in "title" HTTP GET parameter passed to "/opencms/opencms/system/workplace/views/admin/admin-main.jsp" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
1.2 The vulnerability exists due to insufficient sanitisation of user-supplied data in "requestedResource" HTTP POST parameter passed to "/opencms/opencms/system/login/index.html" URL. A remote attacker can trick a logged-in user to open a specially crafted malicious webpage and execute arbitrary HTML and script code in browser in context of the vulnerable website.
<form action="http://[host]/opencms/opencms/system/login/index.html" method="post" name="main">
<input type="hidden" name="login" value="true">
<input type="hidden" name="ocPword" value="1">
<input type="hidden" name="ocUname" value="1">
<input type="hidden" name="requestedResource" value='</script><script>alert(document.cookie);</script>'>
<input type="submit" id="btn">
Upgrade to OpenCms 8.5.2
http://www.opencms.org/en/news/130710-o ... notes.html
 High-Tech Bridge Advisory HTB23160 - https://www.htbridge.com/advisory/HTB23160 - XSS vulnerabilities in OpenCms.
 OpenCms - http://www.opencms.org - OpenCms from Alkacon Software is a professional, easy to use website content management system.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org/ - targeted to developers and security practitioners, CWE is a formal list of software weakness types.