Some vulnerabilities have been discovered in osCMax, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

1) Input passed in the URL to catalog_products_with_images.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed in the "search" parameter and the "Category Heading Title" and "Category Description" form fields to admin/categories.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation of this vulnerability requires that the target user has valid administrator credentials.

NOTE: Other parameters are reportedly also affected.

3) The FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php script allows the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload malicious PHP scripts with e.g. a .php3 extension.

The vulnerabilities are confirmed in version 2.0.0-RC3. Other versions may also be affected.

Solution
Update to version 2.0.25.

Provided and/or discovered by
1) VIRANGAR UNDER GR0UND TEAM (A.NOSRATI)
2) Thomas Pollet
3) ITSecTeam

Changelog
Further details available to Secunia VIM customers

Original Advisory
3) http://www.itsecteam.com/fa/vulnerabilities/vulnerability20.htm

Deep Links
Links available to Secunia VIM customers