Name 	: Bigace 2.7.2   

Vendor 	: http://www.bigace.de/

Bug 	: XSS
Date 	: 18.06.2010
Tested 	: Ubuntu 10 LTS
Thanks	: 4 you
Details	:

There is a XSS vulnerability in login page.

to see it, type in login and password: "><script>alert(xsshere)</script>
(its POST $UID and $PW value). If You use for example DataTamper You can set XSS for $language variable as well.
So there is an option to XSS by $UID, $PW and $language.

Its also possible to make XSS attack by search engine (DataTamper + $language = {xss}).

In admin panel we can do xss via GET:



XSS found also with $desingName, $description.
When setting new user, click to 'userdata'. Here you have 11 form field - all exploitable by XSS:
$mode, $data_id/firstname/lastname/homepage/phone/mobile/fax/company/street/city/citycode/country.

When creating new user $userName is vulnerable to XSS.

When we get to logging page (admin panel): variables $start, $amount, $namespace and $level.

Statistic page is the same... This tame $mode var is vulnerable.

Thats (maybe) all. ;)
Producent poinformowany.