OpenDocMan Cross Site Scripting (XSS)

2008.06.17

Credit: S21sec labs

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2008-2787

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

##############################################################
- S21Sec Advisory -
##############################################################
Title: OpenDocMan Cross Site Scripting (XSS)
ID: S21sec-044-en
Severity: Low
History: 15.Apr.2008 Vulnerability discovered
16.Apr.2008 Vendor contacted
27.May.2008 Patch available
Scope: Cross Site Scripting XSS
Platforms: Any
Author: Sergi Rosell (srosello_at_s21sec&#46;com)
URL: http://www.s21sec.com/avisos/s21sec-044-en.txt
Release: Public
[ SUMMARY ]
OpenDocMan is a free document management system (DMS) designed to
comply with ISO 17025 and OIE standard for document management. It
features web based access, fine grained control of access to files,
and automated install and upgrades.
[ AFFECTED VERSIONS ]
This vulnerability has been tested in version v1.2.5 (March, 2nd 2007).
[ DESCRIPTION ]
An insufficient input validation allows code injection in the
parameter 'last_message'. Example:
http://server/opendocman-1.2.5/out.php?last_message=%3Cscript%3Ealert(document.cookie)%3C/script%3E
[ WORKAROUND ]
There is patch available in the following url:
https://sourceforge.net/tracker/index.php?func=detail&aid=1975163&group_id=69505&atid=524753
[ ACKNOWLEDGMENTS ]
This vulnerability has been found and researched by:
- Sergi Rosell <srosello_at_s21sec&#46;com> S21sec
[ REFERENCES ]
* OpenDocman
http://opendocman.com/
* S21sec
http://www.s21sec.com
* S21sec Blog
http://blog.s21sec.com

References:

http://www.securityfocus.com/bid/29765

http://secunia.com/advisories/30750

http://xforce.iss.net/xforce/xfdb/43135

http://www.securitytracker.com/id?1020300

http://www.securityfocus.com/archive/1/archive/1/493390/100/0/threaded

http://www.s21sec.com/avisos/s21sec-044-en.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OpenDocMan Cross Site Scripting (XSS)

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.