Antville 1.1 Cross Site Scripting

2005.11.10
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SA0004
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++ Antville 1.1 Cross Site Scripting +++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PUBLISHED ON
Nov 09, 2005

PUBLISHED AT
http://moritz-naumann.com/adv/0004/antvxss/0004.txt
http://moritz-naumann.com/adv/0004/antvxss/0004.txt.sig

PUBLISHED BY
Moritz Naumann IT Consulting & Services
Hamburg, Germany
http://moritz-naumann.com/
info AT moritz HYPHON naumann D0T com
GPG key: http://moritz-naumann.com/keys/0x277F060C.asc

AFFECTED APPLICATION OR SERVICE
Antville
http://www.antville.org/

AFFECTED VERSION
Version 1.1
Possibly versions 1.0 and lower (untested)

BACKGROUND
Everybody knows XSS.
http://en.wikipedia.org/wiki/XSS
http://www.cgisecurity.net/articles/xss-faq.shtml

ISSUE
An XSS vulnerability has been detected in Antville. The problem is caused by insufficient input sanitation. By making a victim visit a specially crafted URL, it is possible to inject client-side scripting (such as JavaScript) and HTML which will be executed/rendered in her browser.

The following URL demonstrates this issue:
[antville_basepath]/project/<script>alert('XSS');</script>

This may not be easily exploitable for cookie/session stealing attacks due to the IP address lock on the session.

WORKAROUND
Client: Disable JavaScript.
Server: Prevent access to the Antville installation.

SOLUTIONS
There does not seem to be a patch available. Our attempts to contact the developers were unsuccessful.

TIMELINE
Sep 19, 2005 Discovery
Sep 19, 2005 Code maintainer notification
Sep 29, 2005 Another code maintainer notification
Nov 09, 2005 Public disclosure

REFERENCES
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3530

ADDITIONAL CREDIT
N/A

LICENSE
Creative Commons Attribution-ShareAlike License Germany
http://creativecommons.org/licenses/by-sa/2.0/de/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDcijWn6GkvSd/BgwRAt1GAJwKCc/BKl9UKEGc4gNH3iO61em0xQCggqKG
vr3wn/zqL0VwrGk/rEqhbR0=
=s8WY
-----END PGP SIGNATURE-----
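The advisory reports that a path segment is reflected into the page without sanitation and that no patch exists. The following is an added example, not Antville's code, showing the unsafe pattern beside the fix a maintainer would apply: encode the untrusted value for HTML context at output time and, as defense in depth, restrict what a project name may contain. The handler names, page template, name pattern and sample input are assumptions.

```javascript
// Added example (not Antville's code): a minimal model of a server-side
// handler that echoes a requested URL path segment back into HTML.
// Function names, template and the project-name pattern are assumptions.

// Entity-encode the five characters that are significant in HTML text and
// attribute context. Applied at output time, never as "input sanitation".
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  })[ch]);
}

// Defense in depth: a project name is an identifier, so reject anything
// outside a conservative allowlist before it reaches a template at all.
function isValidProjectName(segment) {
  return /^[A-Za-z0-9_-]{1,64}$/.test(segment);
}

// Unsafe: the project name taken from the URL path is concatenated raw into
// the response, so markup in the path segment is rendered by the browser.
function renderProjectPageUnsafe(projectSegment) {
  return `<h1>Project ${projectSegment}</h1><p>No such project.</p>`;
}

// Hardened: the same page with the untrusted value encoded for HTML text
// context. Invalid names get a generic message and never echo the input.
function renderProjectPageSafe(projectSegment) {
  if (!isValidProjectName(projectSegment)) {
    return "<h1>Project not found</h1><p>Invalid project name.</p>";
  }
  return `<h1>Project ${escapeHtml(projectSegment)}</h1><p>No such project.</p>`;
}

// Constructed sample mirroring the advisory's demonstration path, as the
// server would see it after URL decoding.
const SAMPLE_SEGMENT = "<script>alert('XSS');</script>";

// True when the rendered HTML still contains an unencoded script tag.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}
```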