Info

Disclosure

May 10, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Jadu CMS has been reported to contain a cross-site scripting issue in the register.php script. After extensive dialogue with the vendor, Jadu Ltd., it has been determined that the affected script is not part of the Jadu CMS distribution. The affected script was utilized on a handful of customer sites but did not affect a site based on the use of Jadu CMS.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
OSVDB: Web Related, Myth / Fake

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Jadu, Ltd. has released a patch to address this vulnerability. The patch only applies to a limited number of their customer base that used a customized version of a register.php script.

Products

Jadu, Ltd.

Jadu CMS

References

Bugtraq ID: 17929
Secunia Advisory ID: 20053
CVE ID: 2006-2305 (see also: NVD)
VUPEN Advisory: ADV-2006-1760
Mail List Post: http://attrition.org/pipermail/vim/2006-June/000811.html
Vendor URL: http://www.jadu.co.uk/site/index.php

Credit

Behn00d -

Direct URL: http://osvdb.org/25430