Security : The remote web server is prone to cross-site scripting attacks.
---------------------------------------------------------------------------

                 Key: OFBIZ-2747
                 URL: https://issues.apache.org/jira/browse/OFBIZ-2747
             Project: OFBiz
          Issue Type: Bug
          Components: specialpurpose/ecommerce
    Affects Versions: SVN trunk
            Reporter: Alexandre Mazari
            Priority: Critical

The pollbox seems to be subject to request argument injection, without any strip of HTML tags (ex : <script>).

Nessus scan log :

Web Server Generic XSS

Synopsis :
The remote web server is prone to cross-site scripting attacks.

Description :
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.

See also :
http://en.wikipedia.org/wiki/Cross-site_scripting

Solution :
Contact the vendor for a patch or upgrade.

Risk factor :
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Plugin output :
The request string used to detect this flaw was :

/?<script>cross_site_scripting.nasl</script>

The output was :

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: JSP/2.1
Set-Cookie: OFBiz.Visitor=12065; Expires=Wed, 21-Jul-2010 21:31:20 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 21 Jul 2009 21:31:19 GMT

[...]
<h3>Mouse Hand Poll</h3>
<div class="screenlet-body">
<form method="post" action="/control/minipoll/main" style="margin: 0;">
<input type="hidden" name="<script>cross_site_scripting.nasl</script>" value=""/>
<input type="hidden" name="surveyId" value="1004"/>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
[...]

CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
BID : 5305, 7344, 7353, 8037, 14473, 17408
Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314
Nessus ID : 10815

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
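The scan output above shows the defect plainly: whatever parameter name arrives in the query string is copied verbatim into the `name` attribute of a hidden `<input>`, so a name containing markup becomes part of the page. The following is an added illustration, not code from OFBiz or from the reporter; the rendering functions, the `ALLOWED_PARAMS` set and the sample parameters are constructed stand-ins for the pollbox template. It renders the same hidden-input shape two ways (unencoded, as in the scan output, and attribute-escaped), adds an allow-list as the stronger fix, and includes the check a defender would run against a staging build to confirm the probe string no longer comes back unencoded.

```python
"""Added example (not OFBiz code): reflected XSS through hidden-input names,
and the two mitigations a template that forwards request parameters needs."""
import html
from typing import Dict, Mapping

# Probe string as it appears in the Nessus plugin output in the report.
PROBE = "<script>cross_site_scripting.nasl</script>"

# Hypothetical allow-list: the parameters the poll form legitimately carries.
# (Constructed for this example; the real template's parameter set is not on the page.)
ALLOWED_PARAMS = frozenset({"surveyId", "productId", "categoryId"})


def render_hidden_inputs_unsafe(params: Mapping[str, str]) -> str:
    """Mirrors the behaviour visible in the scan output: every request
    parameter becomes a hidden input with no output encoding at all."""
    return "".join(
        f'<input type="hidden" name="{k}" value="{v}"/>\n'
        for k, v in params.items()
    )


def render_hidden_inputs_safe(params: Mapping[str, str]) -> str:
    """Same markup, but name and value are HTML-attribute-escaped.
    quote=True also encodes " and ' so the attribute cannot be closed early."""
    return "".join(
        f'<input type="hidden" name="{html.escape(k, quote=True)}" '
        f'value="{html.escape(v, quote=True)}"/>\n'
        for k, v in params.items()
    )


def keep_known_params(params: Mapping[str, str]) -> Dict[str, str]:
    """Stronger fix: only forward parameters the form is known to need.
    Escaping still applies afterwards; this removes the attacker-chosen names."""
    return {k: v for k, v in params.items() if k in ALLOWED_PARAMS}


def reflects_probe_unescaped(page: str, probe: str = PROBE) -> bool:
    """Verification step for a fixed build: the scanner flags the page when
    the probe string appears verbatim, i.e. it was not encoded on output."""
    return probe in page


if __name__ == "__main__":
    # Constructed request: the legitimate surveyId plus the scanner's probe name.
    request_params = {"surveyId": "1004", PROBE: ""}

    before = render_hidden_inputs_unsafe(request_params)
    after = render_hidden_inputs_safe(keep_known_params(request_params))

    print("unsafe render reflects probe:", reflects_probe_unescaped(before))  # True
    print("hardened render reflects probe:", reflects_probe_unescaped(after))  # False
    print(after)
```

The escaping function alone closes the hole reported here; the allow-list is the design choice worth making anyway, since a form that round-trips arbitrary request parameters will keep reappearing in scan results every time a new sink is added to the template.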