iBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.
2107ed08679b3cadf3a5612f0068b8a88d9524b1ecc47a00f4761fae255d7405
iBrowser Plugin v1.4.1 (dir) Remote Cross-Site Scripting Vulnerability
Vendor: net4visions.com
Product web page: http://www.net4visions.com
Affected version: <= 1.4.1 Build 10182009
Summary: iBrowser is an image browser plugin for WYSIWYG editors like
tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor developed by net4visions.
It allows image browsing, resizing on upload, directory management and
more with the integration of the phpThumb image library.
Desc: iBrowser suffers from a XSS vulnerability when parsing user input
to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'.
Attackers can exploit this weakness to execute arbitrary HTML and script
code in a user's browser session.
Tested on: Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Advisory ID: ZSL-2011-5044
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5044.php
15.09.2011
--
http://SOME_CMS/jscripts/tiny_mce/plugins/ibrowser/scripts/random.php?dir=<script>alert('zsl')</script>
http://SOME_CMS/jscripts/tiny_mce/plugins/ibrowser/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=<script>alert('zsl')</script>