OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability

Title: OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability
Advisory ID: ZSL-2016-5316
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (2/5)
Release Date: 13.04.2016
Summary
OpenWGA is an advanced open source java based enterprise CMS platform featuring real WYSIWYG, a state of the art CMS IDE and more.
Description
OpenWGA suffers from a cross-site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Vendor
Innovation Gate GmbH - https://www.openwga.com
Affected Version
OpenWGA Content Manager 7.1.9 (Build 230)
OpenWGA Admin Client 7.1.7 (Build 82)
OpenWGA Server 7.1.9 Maintenance Release (Build 642)
Tested On
Apache/2.2.14 (Ubuntu)
Apache Tomcat/6.0.41
Apache-Coyote/1.1
Vendor Status
[23.02.2016] Vulnerability discovered.
[28.02.2016] Vendor contacted.
[12.04.2016] No response from the vendor.
[13.04.2016] Public security advisory released.
PoC
openwga_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://cxsecurity.com/issue/WLB-2016040092
[2] https://packetstormsecurity.com/files/136681
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/112261
Changelog
[13.04.2016] - Initial release
[14.04.2016] - Added reference [1] and [2]
[19.04.2016] - Added reference [3]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk