Application: OpenCms


Version: 7.5.0



Hardware: Tomcat/Oracle



Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error





Overview:



Various URLs within the deployed OpenCms application version 7.5.0 are open to attacks, including Cross-Site Scripting, Phishing Through Frames and Application Error. Some of these attacks allow injection of scripts into a parameter in the request. The application should filter out such hazardous characters from user input.



Example follows:

Vulnerable URL (from the OpenCms VFS):

/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp?&homelink=>"'><script>alert("This%20site%20has%20been%20compromised")</script>



Results:

Inserting the script into the homelink parameter embeds it in the response, and it is executed once the page is loaded into the user's browser (i.e. the page is vulnerable to Cross-Site Scripting).
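
The remediation this advisory names (filter hazardous characters from user input), sketched in Java as an added example; it is not OpenCms code and not part of the original advisory. The class and method names, and the rule that a valid homelink is a plain site-relative path, are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example, not OpenCms code. Class and method names are hypothetical.
public class ParamOutputGuard {

    // Assumption: a legitimate homelink is a site-relative path made of
    // letters, digits and / . _ - only (no scheme, no host, no markup).
    private static final Pattern SITE_PATH = Pattern.compile("/[A-Za-z0-9/._-]*");

    /** Encodes the characters that can break out of HTML text or a quoted attribute. */
    static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Returns the value if it is a plain site-relative path, otherwise the fallback. */
    static String safeLink(String value, String fallback) {
        if (value == null || !SITE_PATH.matcher(value).matches() || value.startsWith("//")) {
            return fallback; // rejects markup, schemes and protocol-relative (off-site) targets
        }
        return value;
    }

    public static void main(String[] args) {
        // The homelink value from the advisory's example request, after URL decoding.
        String homelink = ">\"'><script>alert(\"This site has been compromised\")</script>";
        // Constructed value: an off-site target of the kind a frame-based phishing finding involves.
        String offsite = "//other.example/login";

        System.out.println(escapeHtml(homelink));       // markup is rendered inert as text
        System.out.println(safeLink(homelink, "/"));    // falls back to "/"
        System.out.println(safeLink(offsite, "/"));     // falls back to "/"
        System.out.println(safeLink("/system/workplace/help/index.html", "/"));
    }
}
```

Encoding at output time covers the Cross-Site Scripting findings; the allow-list check covers parameters such as homelink whose value ends up as a link or frame target, where encoding alone does not stop an off-site URL.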







Below is the complete list of vulnerable URLs (all paths are relative to the OpenCms VFS). All issues are of High risk.







/opencms/opencms/system/modules/org.opencms.workplace.help/elements/search.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): query



Vulnerability(s): Cross-Site Scripting







/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): homelink



Vulnerability(s): Cross-Site Scripting, Phishing Through Frames







/opencms/opencms/system/workplace/commons/preferences.jsp



Remediation: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions.



Parameter(s): tabdicopyfilemode, tabdicopyfoldermode, tabdideletefilemode



Vulnerability(s): Application Error







/opencms/opencms/system/workplace/commons/property.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): resource



Vulnerability(s): Cross-Site Scripting







/opencms/opencms/system/workplace/commons/publishproject.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): title, cancel, dialogtype, framename, progresskey, projected, projectname, publishsiblings, relatedresources, subresources



Vulnerability(s): Cross-Site Scripting, Phishing Through Frames, SQL Injection







/opencms/opencms/system/workplace/commons/publishresource.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s):



Vulnerability(s): Cross-Site Scripting







/opencms/opencms/system/workplace/commons/unlock.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): title



Vulnerability(s): Cross-Site Scripting, Phishing Through Frames







/opencms/opencms/system/workplace/editors/editor.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): resource



Vulnerability(s): Cross-Site Scripting







/opencms/opencms/system/workplace/editors/dialogs/elements.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): elementlanguage, resource, title



Vulnerability(s): Cross-Site Scripting, Phishing Through Frames







/opencms/opencms/system/workplace/locales/en/help/index.html



Remediation: Filter out hazardous characters from user input



Parameter(s): workplaceresource



Vulnerability(s): Phishing Through Frames







/opencms/opencms/system/workplace/views/admin/admin-main.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): path



Vulnerability(s): Cross-Site Scripting







/opencms/opencms/system/workplace/views/explorer/contextmenu.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): acttarget



Vulnerability(s): Cross-Site Scripting, Phishing Through Frames







/opencms/opencms/system/workplace/views/explorer/explorer_files.jsp



Remediation: Filter out hazardous characters from user input



Parameter(s): mode



Vulnerability(s): Cross-Site Scripting











Katie French



CGI Federal



12601 Fair Lakes Circle



Fairfax, VA 22033



FFX: (703) 227-5642



RRB: (202) 564-0475
