iBrowser Plugin v1.4.1 (dir) Remote Cross-Site Scripting Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: <= 1.4.1 Build 10182009 Summary: iBrowser is an image browser plugin for WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor developed by net4visions. It allows image browsing, resizing on upload, directory management and more with the integration of the phpThumb image library. Desc: iBrowser suffers from a XSS vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Tested on: Microsoft Windows XP Professional SP3 (EN) Apache 2.2.14 (Win32) PHP 5.3.1 MySQL 5.1.41 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic liquidworm gmail com Advisory ID: ZSL-2011-5044 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5044.php 15.09.2011 -- http://SOME_CMS/jscripts/tiny_mce/plugins/ibrowser/scripts/random.php?dir=<script>alert('zsl')</script> http://SOME_CMS/jscripts/tiny_mce/plugins/ibrowser/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=<script>alert('zsl')</script>