Post Revolution Multiple HTML Injection and Denial of Service Vulnerabilities

Summary

Post Revolution is prone to multiple html-injection vulnerabilities and a denial-of-service vulnerability because the application fails to sufficiently sanitize user-supplied input.

Credit:

The information has been provided by Javier Bassi.
The original article can be found at: http://www.securityfocus.com/bid/47967


Details

Vulnerable Systems:
 * Post Revolution PostRev 0.8.0c

Immune Systems:
 * Post Revolution PostRev 0.8.0c-2

An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Vendor Status:
The vendor has released an update and an advisory.

Patch Availability:
http://postrev.com.ar/verpost.php?id_noticia=59

CVE Information:
CVE-2011-1952
CVE-2011-1953

Disclosure Timeline:
Initial Release: Jun 01 2011

Categories: News