CVE-2010-4155
Description
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple XSS vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary script via rssfeedURL and sumb parameters.
Vulnerability
eXV2 CMS version 2.10 is vulnerable to multiple reflected cross-site scripting (XSS) attacks. The rssfeedURL parameter in manual/caferss/example.php and the sumb parameter in modules/news/archive.php, modules/news/topics.php, and modules/contact/index.php do not properly sanitize user input, allowing arbitrary web script or HTML to be injected [1]. These are distinct from previously reported XSS vectors (CVE-2007-1965).
Exploitation
An attacker can exploit these vulnerabilities by crafting a malicious URL containing JavaScript in the affected parameter and tricking a victim into clicking it. No authentication is required; the attacker only needs to lure a user who is browsing the site to visit the crafted link [1]. The injected script executes in the context of the victim's browser session on the vulnerable site.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser, leading to potential theft of session cookies, defacement, or redirection to malicious sites. The attacker can perform any action the victim can on the affected eXV2 CMS instance, potentially compromising sensitive data or account integrity [1].
Mitigation
As of the available references, no official patch or fixed version has been published for eXV2 CMS 2.10 [1]. Administrators are advised to sanitize the rssfeedURL and sumb parameters manually by escaping HTML characters, or to disable the vulnerable scripts if not needed. No workaround is provided by the vendor.
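The mitigation above comes down to two habits: escape every untrusted value at the point where it is written into HTML, and validate values that are expected to have a particular shape (a feed URL) before they are used. The PHP below is an added illustration written for this page, not code from eXV2 CMS or from the advisory; the parameter names `sumb` and `rssfeedURL` come from the CVE description, while the helper names (`html_escape`, `validate_feed_url`, `render_search_safe`, `render_feed_link`) and the sample inputs are assumptions constructed here.

```php
<?php
// Added example (not eXV2 CMS code): reflecting request parameters safely.
declare(strict_types=1);

/**
 * Escape a string for insertion into HTML text or a double-quoted attribute.
 * ENT_QUOTES handles both quote styles so the result is safe inside attributes;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Accept only absolute http(s) URLs for a feed parameter; return null otherwise.
 * Validation happens before the value is echoed or fetched.
 */
function validate_feed_url(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return filter_var($url, FILTER_VALIDATE_URL) === false ? null : $url;
}

// The bug class the advisory describes: a request parameter is concatenated
// into the page without any escaping (shown for contrast, never called here).
function render_search_unsafe(string $sumb): string
{
    return '<p>Results for: ' . $sumb . '</p>';
}

// Hardened form: the value is escaped at the point of output.
function render_search_safe(string $sumb): string
{
    return '<p>Results for: ' . html_escape($sumb) . '</p>';
}

// Hardened handling of rssfeedURL: validate the shape, then escape on output,
// including inside the href attribute.
function render_feed_link(string $rssfeedURL): string
{
    $url = validate_feed_url($rssfeedURL);
    if ($url === null) {
        return '<p>Invalid feed URL.</p>';
    }
    return '<a href="' . html_escape($url) . '">' . html_escape($url) . '</a>';
}

// Constructed sample inputs (not taken from the advisory) so the script runs
// from the command line as well as behind a web server.
$sumb       = $_GET['sumb'] ?? '<b>news</b> "quoted"';
$rssfeedURL = $_GET['rssfeedURL'] ?? 'https://example.com/feed.xml?a=1&b=2';

echo render_search_safe($sumb), PHP_EOL;
echo render_feed_link($rssfeedURL), PHP_EOL;
echo render_feed_link('javascript:void(0)'), PHP_EOL;
```

Escaping on output rather than "cleaning" on input is the design choice worth keeping: the same `sumb` value may later be stored, logged, or placed in a different context, and only the HTML sink knows which characters are dangerous there. The URL check is a separate, stricter control because a feed address has a known shape and can simply be rejected when it does not match.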
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 2.10
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.