Multiple XSS vulnerabilities fixed in a City-CMS

STERNBERG Software-Technik GmbH from Bielefeld (Germany) produces content management systems for cities and the like.

Their solutions are already in use in different cities in Germany. In recent years, users have built up a habit of keeping up to date with what is going on in their community. A reader of our blog informed us that there was apparently an XSS vulnerability in the web application. The reader wanted us to responsibly address this issue with the company. We gave the website a quick overall investigation, in which we were able to identify even more XSS vulnerabilities in various subdomains. We contacted the company on the 16th of September 2012.

The tech support was quite interested in our findings and even asked for more details about the whole situation. We are glad to report that the issues we mentioned were quickly fixed. The company also informed their customers about an update for all online-based software. That’s the way to go for a company that places customer satisfaction first.

We would like to thank our reader Danial Wagner for informing us about these XSS issues and the company for fixing the issues quite fast.

If you’re aware of some critical security issues and you don’t want to report them yourself, you can contact us via email (PGP) and we’ll see what we can do :)

The team of


Screenshot of the first XSS

Screenshot of the second XSS

Screenshot of the third XSS