Radvision's Scopia Cross Site Scripting Vulnerabilities

Radvision's Scopia Cross Site Scripting Vulnerabilities

***********************************************************************
Author: Francesco Bianchino
contact: f.bianchino at gmail dot com
Product: Radvision's Scopia

Version: 5.7
Vendor Site: http://www.radvision.com
Product Support Page: http://www.radvision.com/Support/SCOPIA-57-Support/

***********************************************************************
Summary

Radvision's Scopia provides a solution for voice and video
collaborative communications.

***********************************************************************

Vulnerability Detail

The web-based interface is exposed to an XSS attack, the index.jsp page does not check the user's input and is possible to inject arbitrary code into the page parameters.

It's possible to steal user's cookie or other data sending a malicious crafted URL to authenticated user.

***********************************************************************

PoC

http://www.example.com/scopia/entry/index.jsp?page=play%3c%2fsCrIpT%3e%3csCrIpT%3ealert("document.cookie")%3c%2fsCrIpT%3e

***********************************************************************
Solution

Radvision has fixed the issue in SD 7.0.100 and later version.

***********************************************************************

Credits

Discovered and advised to Radvision, August 2009 by Francesco Bianchino.