Security :  The remote web server is prone to cross-site scripting attacks.
---------------------------------------------------------------------------

                 Key: OFBIZ-2747
                 URL: https://issues.apache.org/jira/browse/OFBIZ-2747
             Project: OFBiz
          Issue Type: Bug
          Components: specialpurpose/ecommerce
    Affects Versions: SVN trunk
            Reporter: Alexandre Mazari
            Priority: Critical


The pollbox seems to be subject to request argument injection, without any stripping 
of html tags (ex : <script>).

Nessus scan log :


Web Server Generic XSS

Synopsis :

The remote web server is prone to cross-site scripting attacks.

Description :

The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. By leveraging this
issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site.

See also :

http://en.wikipedia.org/wiki/Cross-site_scripting

Solution :

Contact the vendor for a patch or upgrade.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Plugin output :

The request string used to detect this flaw was :

/?<script>cross_site_scripting.nasl</script>

The output was :

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: JSP/2.1
Set-Cookie: OFBiz.Visitor=12065; Expires=Wed, 21-Jul-2010 21:31:20 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 21 Jul 2009 21:31:19 GMT


[...]
<h3>Mouse Hand Poll</h3>
<div class="screenlet-body">
<form method="post" action="/control/minipoll/main" style="margin: 0;">
<input type="hidden" name="<script>cross_site_scripting.nasl</script>" 
value=""/>
<input type="hidden" name="surveyId" value="1004"/>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
[...]

CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
BID : 5305, 7344, 7353, 8037, 14473, 17408
Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314

Nessus ID : 10815
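The pattern visible in the plugin output is a form that echoes every incoming request parameter back as a hidden `<input>`, interpolating the parameter *name* into the `name` attribute verbatim. The following is an added example, not OFBiz code, that reproduces that pass-through in plain Python next to a hardened version (HTML-attribute encoding of every untrusted string, plus an optional allowlist on which names are echoed at all) and a small regression check that confirms the probe string no longer appears raw in the response. The query string and function names are constructed for the example; only the probe itself is taken from the scan log above.

```python
"""Reflected XSS via parameter pass-through: vulnerable vs. hardened rendering.

Added example (not OFBiz code). Mirrors the behaviour in the Nessus output,
where a request parameter name is written straight into a hidden <input>,
then shows the fix: encode untrusted text for the HTML attribute context
before interpolation, and optionally only echo names matching an allowlist.
"""
import html
import re
from typing import Iterable, List, Tuple

# Constructed request: the first parameter name is the probe from the report.
PROBE = "<script>cross_site_scripting.nasl</script>"
PROBE_QUERY = PROBE + "=&surveyId=1004"

# Constructed allowlist for parameter names that may be echoed back
# (letters, digits, '_', '.', '-', at most 64 chars).
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def parse_query(query: str) -> List[Tuple[str, str]]:
    """Split a query string into (name, value) pairs, keeping blank values."""
    from urllib.parse import parse_qsl
    return parse_qsl(query, keep_blank_values=True)


def render_hidden_inputs_vulnerable(params: Iterable[Tuple[str, str]]) -> str:
    """Reproduces the reported behaviour: name and value interpolated verbatim.

    A name such as '"><script>...' closes the attribute and injects markup.
    """
    return "\n".join(
        f'<input type="hidden" name="{name}" value="{value}"/>'
        for name, value in params
    )


def render_hidden_inputs_hardened(params: Iterable[Tuple[str, str]]) -> str:
    """Fix: attribute-encode both strings so they cannot leave the quotes.

    html.escape with quote=True turns & < > " ' into entities, which is the
    correct encoding for a double-quoted HTML attribute value.
    """
    return "\n".join(
        f'<input type="hidden" name="{html.escape(name, quote=True)}" '
        f'value="{html.escape(value, quote=True)}"/>'
        for name, value in params
    )


def filter_passthrough_params(params: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Defence in depth: drop parameters whose names fall outside the allowlist.

    Names are code-like identifiers, so rejecting anything else loses nothing
    legitimate and removes the injection point entirely for the name attribute.
    """
    return [(n, v) for n, v in params if SAFE_NAME.fullmatch(n)]


def reflects_probe(response_body: str, probe: str) -> bool:
    """Regression check: does the rendered page still contain the raw probe?

    Used after deploying a fix to confirm the scanner's request string no
    longer comes back as live markup.
    """
    return probe in response_body


if __name__ == "__main__":
    params = parse_query(PROBE_QUERY)
    print("vulnerable:\n" + render_hidden_inputs_vulnerable(params))
    print("hardened:\n" + render_hidden_inputs_hardened(params))
    print("allowlisted:\n" + render_hidden_inputs_hardened(filter_passthrough_params(params)))
```

Encoding at the point of output is the primary fix; the allowlist is a second layer that is appropriate here only because parameter names are identifiers rather than free text, and it should not be used in place of output encoding for the `value` attribute, which legitimately carries arbitrary user input.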

-- 
This message is automatically generated by JIRA.