The California Democratic Party website contains these two security problems:

1. An XSS vulnerability

2. A weakness to brute-force attacks in the password recovery system

These two weaknesses are dangerous alone, but even more dangerous if used together, as explained in this article: http://ha.ckers.org/deathby1000cuts/

1. An XSS vulnerability

Go here:

http://www.cadem.org/c.jrLZK2PyHmF/b.1097471/k.94E5/Elected_Lookup/siteapps/advocacy/search.aspx

Search for this address

a<script>alert("XSS");</script>

like this

[Screenshot: XSS-DNC1 (234K)]

The result is this

[Screenshot: XSS-DNC2 (85K)]

This goes right past NoScript in Firefox. That's pretty evil!
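The search page reflects the query string into the HTML body without encoding it, which is why the script tag above runs. The following is an added illustration, not code from the cadem.org site or from this write-up: a minimal search-result renderer in its vulnerable and hardened forms, using the same probe string the write-up used. The page markup and function names are constructed for the example.

```python
import html

# Constructed probe: the same harmless test string shown in the write-up above.
XSS_PROBE = 'a<script>alert("XSS");</script>'


def render_vulnerable(query: str) -> str:
    # Echoes the search term verbatim into an HTML text context: reflected XSS.
    return f"<p>No results for <b>{query}</b></p>"


def render_hardened(query: str) -> str:
    # HTML-entity encode on output. '<', '>', '&' and quotes become entities,
    # so the browser renders the probe as text instead of parsing it as markup.
    return f"<p>No results for <b>{html.escape(query, quote=True)}</b></p>"


def contains_active_markup(page: str) -> bool:
    # Crude detection check used only to contrast the two renderers:
    # does a script tag survive into the response body?
    return "<script" in page.lower()


def demo() -> tuple:
    # Returns (vulnerable_leaks_script, hardened_leaks_script, hardened_output).
    vulnerable = render_vulnerable(XSS_PROBE)
    hardened = render_hardened(XSS_PROBE)
    return (contains_active_markup(vulnerable),
            contains_active_markup(hardened),
            hardened)


if __name__ == "__main__":
    leaks_v, leaks_h, out = demo()
    print("vulnerable renderer passes script tag:", leaks_v)
    print("hardened renderer passes script tag:", leaks_h)
    print(out)
```

Encoding is context-specific: `html.escape` is correct for text between tags and inside quoted attributes, but a value placed into a JavaScript string, a URL, or a CSS block needs that context's encoder instead. A Content-Security-Policy header that disallows inline script is a useful second layer, but it does not replace output encoding.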

2. A weakness to brute-force attacks in the password recovery system

Go to this page:

https://www.kintera.org/siteapps/security/LoginRetrieval.aspx?membershipreq=665362,289826&targetURL=http%3A%2F%2Fwww.cadem.org%2Fsite%2Fpp.aspx%3Fc%3DjrLZK2PyHmF%26b%3D4989497&sessionid=09538E47D144465EBD1F5E38D8D927B5&c=jrLZK2PyHmF&b=4956469

[Screenshot: CDP-BF1 (192K)]

Enter any email address such as a@b.com

The response tells you whether that email is in the system, as shown below:

[Screenshot: CDP-BF2 (204K)]

That enables an attacker to find the email accounts that are in the system, and those that are not. Then the attacker can spoof one member's apparent email address and send email to an address that is really in the system, exploiting the XSS vulnerability to hijack that person's session.
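The recovery form leaks membership because its two outcomes produce different page text. The following is an added example, not code from Kintera or cadem.org: a leaky handler that mirrors the observed behaviour next to a hardened one that returns the same message whether or not the address is registered, sends the reset token only by email, and rate-limits requests per client so the form cannot be used to test addresses in bulk. The member list, message strings, `Outbox` and `RateLimiter` are constructed for the example.

```python
import secrets
import time
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed member list standing in for the site's user table (not real data).
KNOWN_MEMBERS = {"member@example.org", "chair@example.org"}

# One neutral message for every outcome, so the page text never confirms membership.
GENERIC_MESSAGE = ("If that email address is registered, a password reset "
                   "link has been sent to it.")
THROTTLED_MESSAGE = "Too many recovery requests. Please try again later."


@dataclass
class Outbox:
    # Stands in for the mail transport; tests inspect what would have been sent.
    sent: list = field(default_factory=list)


class RateLimiter:
    # Sliding-window counter keyed by client (e.g. source IP); blocks bulk probing.
    def __init__(self, limit: int, window_s: float):
        self.limit = limit
        self.window = window_s
        self.hits = defaultdict(list)

    def allow(self, key: str, now: float) -> bool:
        recent = [t for t in self.hits[key] if now - t < self.window]
        if len(recent) >= self.limit:
            self.hits[key] = recent
            return False
        recent.append(now)
        self.hits[key] = recent
        return True


def recover_leaky(email: str) -> str:
    # Mirrors the behaviour described above: the reply reveals whether the address exists.
    if email in KNOWN_MEMBERS:
        return "Your password has been emailed to you."
    return "That email address is not in our system."


def recover_uniform(email: str, client: str, outbox: Outbox,
                    limiter: RateLimiter, now: Optional[float] = None) -> str:
    # Hardened handler: identical wording for known and unknown addresses; the
    # reset token travels only to the mailbox, never back in the HTTP response.
    now = time.time() if now is None else now
    if not limiter.allow(client, now):
        return THROTTLED_MESSAGE
    token = secrets.token_urlsafe(32)  # single-use reset token (expiry bookkeeping omitted)
    if email.lower() in KNOWN_MEMBERS:
        outbox.sent.append((email.lower(), token))
    return GENERIC_MESSAGE


if __name__ == "__main__":
    outbox = Outbox()
    limiter = RateLimiter(limit=3, window_s=60.0)
    for addr in ("member@example.org", "a@b.com"):
        print(addr, "->", recover_leaky(addr))
        print(addr, "->", recover_uniform(addr, "203.0.113.5", outbox, limiter))
    print("messages queued:", len(outbox.sent))
```

Keeping the message identical is necessary but not sufficient: the two code paths should also take comparable time (a database lookup followed by an actual mail send can be noticeably slower than a miss), and the rate limit should be keyed on both client address and target address so neither a single client nor a single mailbox can be hammered.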

I found these on 4-18-09, and reported them to these addresses on 4-18-09:

abuse@kintera.org
abuse@cadem.org (this bounced)
admin@cadem.org
and on their "contact us" form.

Sam Bowne