php-font-lib 0.3 Cross Site Scripting

2014.03.25
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

========================================================== php-font-lib - Subset maker (make_subset.php) Reflected Cross-site Scripting Revision 1.0 ========================================================== Author: Daniel C. Marques (@0xc0da) Release date: 2014-03-23 Reference: http://codalabs.net/cla-2014-001 Disclosure Timeline =============== 2014-03-19 - Developer notified. 2014-03-19 - Developer patch. 2014-03-20 - CVE-2014-2570 assigned. 2014-03-23 - Public disclosure. Product Information =============== Product: php-font-lib Description: A library to read, parse, export and make subsets of different types of font files. Developer: Fabien Mnager Website: https://github.com/PhenX/php-font-lib Overview ======= The Subset maker of the affected php-font-lib versions is vulnerable to a Reflected Cross-site Scripting. This vulnerability might allow remote unauthenticated attackers to inject arbitrary Javascript or HTML via the name parameter. This flaw exists because the contents of name are not sanitized before it is inserted in the web page. Vulnerability Information ================== Vulnerability: Reflected Cross-site Scripting CVE Identifier: CVE-2014-2570 CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE Identifier: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected releases: 0.3 Vulnerability details ============== The make_subset.php script in the www directory does not sanitize the contents of the name parameter before echoing it to the user. The vulnerable piece of code is shown below: <h1><?php echo $name ?></h1> This vulnerability can be used to inject Javascript code to be rendered by the browser. An attacker must trick the user to access a crafted URL (using social engineering, e.g.) for a successful attack. Proof-of-Concept ============= http://www.example.com/php-font-lib/www/make_subset.php?fontfile=../fonts/Norasi.ttf&name=<script>alert('XSS')</script> Solution ====== The developer informed that version 0.3.1 fixes the issue. Credits ====== Vulnerability identified and reported by Daniel C. Marques (@0xc0da). References ========= [1] https://github.com/PhenX/php-font-lib [2] https://github.com/PhenX/php-font-lib/releases/tag/0.3.1 [3] https://cwe.mitre.org/data/definitions/79.html [4] http://codalabs.net/cla-2014-001


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top