Details
Sub-task
Status: Closed
Critical
Resolution: Fixed
Trunk
Bug Crush Event - 21/2/2015
Description
The pollbox seems to be subject to request argument injection, without any stripping of HTML tags (e.g. <script>).
Nessus scan log :
Web Server Generic XSS
Synopsis :
The remote web server is prone to cross-site scripting attacks.
Description :
The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. By leveraging this
issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site.
See also :
http://en.wikipedia.org/wiki/Cross-site_scripting
Solution :
Contact the vendor for a patch or upgrade.
Risk factor :
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
Plugin output :
The request string used to detect this flaw was :
/?<script>cross_site_scripting.nasl</script>
The output was :
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: JSP/2.1
Set-Cookie: OFBiz.Visitor=12065; Expires=Wed, 21-Jul-2010 21:31:20 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 21 Jul 2009 21:31:19 GMT
[...]
<h3>Mouse Hand Poll</h3>
<div class="screenlet-body">
<form method="post" action="/control/minipoll/main" style="margin: 0;">
<input type="hidden" name="<script>cross_site_scripting.nasl</script>" value=""/>
<input type="hidden" name="surveyId" value="1004"/>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
[...]
CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
BID : 5305, 7344, 7353, 8037, 14473, 17408
Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314
Nessus ID : 10815
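
The behaviour shown in the plugin output, as an added example that is not part of the original report and is not OFBiz code: request parameters echoed back as hidden form inputs, first raw (which reproduces the reflected `<input>` line above) and then HTML-encoded for the attribute context, with a small regression check for raw reflection. The function names are hypothetical and the Python rendering only models what the poll form's template does.

```python
from html import escape
from urllib.parse import parse_qsl

# Constructed sample: the query string of the Nessus probe quoted in the report.
PROBE_QUERY = "<script>cross_site_scripting.nasl</script>"

HTML_META = set("<>\"'&")


def render_hidden_inputs(query, encode):
    """Echo every request parameter as a hidden input (hypothetical helper).

    encode=False models the reported behaviour: names and values are written
    into the attributes as received.
    encode=True HTML-encodes both, including quotes, so neither a tag nor an
    attribute break-out survives.
    """
    rows = []
    # keep_blank_values=True: the probe is a parameter *name* with no value.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if encode:
            name = escape(name, quote=True)
            value = escape(value, quote=True)
        rows.append(f'<input type="hidden" name="{name}" value="{value}"/>')
    return "\n".join(rows)


def raw_reflections(body, query):
    """Return parameter names/values that contain HTML metacharacters and
    appear verbatim (unencoded) in the response body."""
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        for token in (name, value):
            if token and HTML_META & set(token) and token in body:
                hits.append(token)
    return hits


if __name__ == "__main__":
    for encode in (False, True):
        body = render_hidden_inputs(PROBE_QUERY, encode)
        print("encoded" if encode else "raw    ", "->", body)
        print("  raw reflections:", raw_reflections(body, PROBE_QUERY))
```

The check looks at parameter names as well as values, since the scanner's probe arrives as a name and a filter applied only to values would miss it.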