Title: LogicalDOC Enterprise 7.7.4 Reflected Cross-Site Scripting Vulnerabilities
Advisory ID: ZSL-2018-5449
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 11.02.2018

Summary

LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures.

Description

LogicalDOC suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Vendor

LogicalDOC Srl - https://www.logicaldoc.com

Affected Version

7.7.4
7.7.3
7.7.2
7.7.1
7.6.4
7.6.2
7.5.1
7.4.2
7.1.1

Tested On

Microsoft Windows 10
Linux Ubuntu 16.04
Java 1.8.0_161
Apache-Coyote/1.1
Apache Tomcat/8.5.24
Apache Tomcat/8.5.13
Undisclosed 8.41

Vendor Status

[26.01.2018] Vulnerabilities discovered.
[30.01.2018] Vendor contacted.
[07.02.2018] No response from the vendor.
[08.02.2018] Vendor contacted again.
[10.02.2018] No response from the vendor.
[11.02.2018] Public security advisory released.

PoC

logicaldoc_xss.html

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://packetstormsecurity.com/files/146351
[2] https://cxsecurity.com/issue/WLB-2018020145
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/139086

Changelog

[11.02.2018] - Initial release
[21.02.2018] - Added reference [1], [2] and [3]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk