ZeroCMS v1.0 Cross-Site Scripting Vulnerability Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms Affected version: 1.0 Severity: Medium CVE: CVE-2014-4195 Date: 20/06/2014 Discovered by: Filippos Mastrogiannis (@filipposmastro) ZeroCMS is a very simple Content Management System Built using PHP and MySQL. Description: ZeroCMS v1.0 is vulnerable to Cross-Site Scripting (XSS) A cross site scripting vulnerability identified in the variable: "article_id" of the "zero_view_article.php" file which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the user input is interpreted as HTML/JavaScript by the browser. Proof Of Concept: In order to trigger the vulnerability and to display an alert box with the session cookie use the following standard payload: http://localhost/zerocms/zero_view_article.php?article_id=<script>alert(document.cookie);</script>