Posts Tagged ‘scripting’

NCH Software Inventoria 3.45 (id param) Reflected Cross-Site Scripting Vulnerability

The application suffers from a reflected XSS issue due to a failure to properly sanitize user-supplied input to the ‘id’ GET parameter in the ‘locdelete’ (JSP) script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5167.php

BoxBilling 3.6.11 (mod_notification) Stored Cross-Site Scripting Vulnerability

BoxBilling suffers from a stored cross-site scripting vulnerability. Input passed to the ‘message’ POST parameter through the ‘Notification Center’ extension/module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5163.php

Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability

JIRA suffers from a reflected XSS issue due to a failure to properly sanitize user-supplied input to the ‘name’ GET parameter in the ‘deleteuserconfirm.jsp’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5151.php

WordPress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability

The plugin suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the ‘alert’ GET parameter in the ‘page.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory ID: ZSL-2013-5141
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

Securimage suffers from an XSS issue in ‘example_form.php’, which uses the ‘REQUEST_URI’ variable. The vulnerability is present because the affected script applies no filtering to that variable. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5139.php

Squirrelcart v3.5.4 (table) Remote Cross-Site Scripting Vulnerability

Squirrelcart suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the ‘table’ GET parameter in the ‘index.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Vendor:

Squirrelcart Security Patch #SC130218
Release date: 02/19/2013

XSS (Cross Site Scripting) vulnerability patch
Affected Squirrelcart versions: v2.0.0 – 3.5.4

How to find your version number:
———————————————————————
You can locate your Squirrelcart version in the upper right hand corner of your control panel.

Patch Info and Instructions
———————————————————————
This is a patch for protecting against an XSS (Cross Site Scripting) vulnerability that was discovered on 02/19/2013 by Zero Science Lab:
http://www.zeroscience.mk/. This vulnerability is due to the table parameter passed in the control panel not being sanitized properly,
and can result in HTML or JavaScript being inserted into the page.

http://www.squirrelcart.com/downloads.php
http://www.squirrelcart.com/index.php?downloads=1&id=123

ZSL Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5128.php

phlyLabs phlyMail Lite 4.03.04 Multiple Vulnerabilities (XSS, PD, Open Redirect)

phlyMail suffers from multiple stored XSS vulnerabilities (post-auth) and a Path Disclosure issue when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site and to display the full webapp installation path.

Input passed via the ‘go’ parameter in ‘derefer.php’ script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Advisories:

[ZSL-2013-5123] phlyLabs phlyMail Lite 4.03.04 (go param) Open Redirect Vulnerability
[ZSL-2013-5122] phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities

Joomla Incapsula Component 1.4.6_b Reflected Cross-Site Scripting Vulnerability

The Joomla Incapsula component suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the ‘token’ GET parameter in the ‘Security.php’ and ‘Performance.php’ scripts. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5121.php

Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities

Oracle OpenSSO suffers from multiple cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.

Advisory ID: ZSL-2012-5114
Link: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5114.php

Oracle Identity Management 10g (username) XSS POST Injection Vulnerability

Oracle Identity Management suffers from a reflected XSS POST Injection vulnerability when parsing user input to the ‘username’ parameter via the POST method through the ‘/usermanagement/forgotpassword/index.jsp’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

HTTP Request Headers:
----------------------

POST /usermanagement/forgotpassword/index.jsp HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: JSESSIONID=996b1e1dbc2cdec0e74c96f440780cfce507dce8144.e3eKa3
iTaN0Le34RaNuLb3yKchn0n6jAmljGr5XDqQLvpAe; ORA_WX_SESSION="6F35B41473025957B17F02F62855B522D4E22D7B-1#2";
Location=external; portal=9.0.3+en-us+us+AMERICA+CACA1F130AE0024EE043996B1DDC024E+
4D3F611B686669BF0BEC9DC4267652AC337EA1C5259A2168CF43540DE72E3BD5E
F1F589B40A6CD4E7007EB4D085EBD0681A1B2515CB22B5BED14922088
923D86B742E69FDA5D716C437D416C5F5B26049DC71083712AA9EA;
MODPLSQL_TRC=ReqId:11a179::PID:856d5bb0

btnSubmit=SUBMIT
username="><script>alert('XSS');</script>

HTTP Response Headers:
-----------------------

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: ORA_WX_SESSION="267FB4CAD2746E946102C01D527362A070E7D52C-1#2"; path=/
JSESSIONID=996b1e1dbc2cdec0e74c96f440780cfce507dce8144.e3eKa3iTaN0
Le34RaNuLb3yKchn0n6jAmljGr5XDqQLvpAe; path=/usermanagement; secure
Location=external;path=/;
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.2.1 (N;ecid=216172960764121113,1)
Content-Length: 3198
Date: Fri, 28 Sep 2012 21:39:00 GMT

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5110.php
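
Added example (not part of the advisory and not Oracle's code): a small Python model of why the ‘username’ value quoted in the request above breaks out of the field it is reflected into, and how encoding at output time keeps it inert. The form markup and all function names are assumptions, since the advisory does not show the page source.

```python
# Added example (not from the advisory): the forgot-password field is
# modelled here; the markup and function names are assumptions.
from html import escape
from html.parser import HTMLParser

# Payload exactly as it appears in the POST body quoted in the advisory.
PAYLOAD = "\"><script>alert('XSS');</script>"


def render_vulnerable(username: str) -> str:
    """Reflects the parameter into a double-quoted attribute unencoded."""
    return '<input type="text" name="username" value="' + username + '">'


def render_hardened(username: str) -> str:
    """Same field, with HTML attribute encoding applied at output time."""
    return ('<input type="text" name="username" value="'
            + escape(username, quote=True) + '">')


class FieldAudit(HTMLParser):
    """Records <script> elements and the username field's parsed value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.script_tags = 0
        self.username_values = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        elif tag == "input" and dict(attrs).get("name") == "username":
            self.username_values.append(dict(attrs).get("value"))


def audit(markup: str):
    """Parse the markup as HTML; return (script element count, field value)."""
    parser = FieldAudit()
    parser.feed(markup)
    parser.close()
    value = parser.username_values[0] if parser.username_values else None
    return parser.script_tags, value


if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        scripts, value = audit(render(PAYLOAD))
        print(f"{render.__name__}: script_tags={scripts} value={value!r}")
```

In the unencoded rendering the parser sees an empty field followed by a script element; in the encoded rendering it sees no script element and the field value round-trips to the submitted string.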