Vendor: Anyware Services
Product web page: http://www.ametys.org
Download: http://www.ametys.org/en/download/ametys-cms.html
Affected version: 3.5.2 and 3.5.1
Summary: Ametys is a Java-based open source CMS combining
rich content with an easy-to-use and intuitive interface.
Desc: Input passed via the 'lang' POST parameter in the
newsletter plugin is not properly sanitised before being
used to construct a XPath query for XML data. This can be
exploited to manipulate XPath queries by injecting arbitrary
XPath code.
Tested on: Microsoft Windows 7 Ultimate (EN) 32bit
Jetty 6.1.21
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience