Easy CMS vulnerabilities exposed

Easy CMS contains vulnerabilities which can be exploited by hackers to conduct cross-site scripting attacks, IT security Web site Secunia warns.

"Some input isn`t properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user`s browser session in the context of an affected site," writes Secunia.

It has also been reported that it is possible to browse directories (eg the "images/" directory).

Though the vendor will reportedly fix the vulnerabilities soon, users are advised to filter malicious characters and character sequences in a proxy server or firewall that has URL filtering capabilities.

Content Management and Web Publishing vendor Quantum Art has announced record profits in 2005.

"Until December 2004, the majority of Quantum Art`s customers were government agencies. However in 2005, the company landed more than 50 new customer contracts with high technology and media companies," writes CMS Wire.

Quantum`s government accounts represented 30% of their product revenue, while new technology and media accounts represented 70%.

Seth Gottlieb, content management practice lead at Optaros, explains how one should go about selecting an open source CMS.

The report, found at ZDNet India, gives valuable insight into selection, what do with money that is saved by going open-source, and support issues.

"To get your bearings, focus on the business problem and look to see what other companies have used to solve similar problems. Narrow down to a set of viable options, the openness of open source will allow you to learn more about the software than you ever could learn in the commercial world," adds Gottlieb.