Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities

Title: Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities
Advisory ID: ZSL-2012-5107
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.09.2012
Summary
The Spiceworks IT Desktop delivers nearly everything you need to simplify your IT job. Available in a variety of languages, Spiceworks' single, easy-to-use interface combines Network Inventory, Help Desk, Mapping, Reporting, Monitoring and Troubleshooting. And, it connects you with other IT pros to share ideas, solve problems and decide what additional features you need in Spiceworks.
Description
Spiceworks suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Vendor
Spiceworks Inc. - http://www.spiceworks.com
Affected Version
6.0.00993 and 6.0.00966
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.2.19
Ruby 1.9.1
SQLite 3.7.5
Vendor Status
[26.08.2012] Vulnerabilities discovered.
[29.08.2012] Contact with the vendor.
[29.08.2012] Vendor responds asking for more details.
[29.08.2012] Sent detailed information to the vendor.
[29.08.2012] Vendor confirms receiving files.
[03.09.2012] Asked vendor for confirmation.
[04.09.2012] Vendor awaits status from the ticket submitted to the development team.
[11.09.2012] Asked vendor for status update.
[11.09.2012] Vendor says that the development team is still investigating.
[13.09.2012] Informed the vendor that the advisory will be published on the 17th of September.
[14.09.2012] Vendor replies stating that a developer will contact us.
[17.09.2012] No contact from the development team.
[17.09.2012] Public security advisory released.
PoC
spiceworks_xss.txt
spiceworks_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://community.spiceworks.com/help#Current
[2] http://cxsecurity.com/issue/WLB-2012090153
[3] http://www.securityfocus.com/bid/55572
[4] http://packetstormsecurity.org/files/116619
[5] http://www.exploit-db.com/exploits/21392/
[6] http://xforce.iss.net/xforce/xfdb/78634
[7] http://www.osvdb.org/show/osvdb/86084
[8] http://www.osvdb.org/show/osvdb/86085
[9] http://www.osvdb.org/show/osvdb/86086
[10] http://www.osvdb.org/show/osvdb/86087
[11] http://www.osvdb.org/show/osvdb/86088
[12] http://www.osvdb.org/show/osvdb/86089
[13] http://www.osvdb.org/show/osvdb/86090
[14] http://www.osvdb.org/show/osvdb/86091
Changelog
[17.09.2012] - Initial release
[19.09.2012] - Added reference [5]
[20.09.2012] - Added reference [6]
[11.11.2012] - Added reference [7], [8], [9], [10], [11], [12], [13] and [14]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk