[MajorSecurity SA-078]PHPKIT WCMS - Reflected Cross Site Scripting Issue

Details
=============
Product: PHPKIT WCMS
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.phpkit.com/
Advisory-Status: published

Credits
=============
Discovered by: David Vieira-Kurz of MajorSecurity

Original Advisory
=============
http://www.majorsecurity.net/phpkit-wcms-xss.php

Affected Products:
=============
PHPKIT WCMS 1.6.5
Prior versions may also be vulnerable

Description
=============
"PHPKIT WCMS is an Content Management System."

More Details
=============
We at MajorSecurity have discovered some vulnerabilities in PHPKIT WCMS
1.6.5, which can be exploited by malicious people to conduct reflected
cross-site scripting attacks. Input passed directly to the "searchtext"
parameter in "/de/pk/include.php?path=contentarchive" is not properly
sanitised before being stored and returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.

Solution
=============
Web applications should never trust on user generated input and
therefore sanatize all input. Edit the source code to ensure that input
is properly sanitised.

MajorSecurity
================
MajorSecurity is a German sourcecode audit and penetration test company
which focuses on (web-)application security. We offer professional
source code audit, penetrationstest and pci dss compliance tests. Visit
us at http://www.majorsecurity.net/source-code-audit.php