OpenDocMan Cross Site Scripting (XSS)

2008.06.23
Credit: S21sec
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

############################################################## - S21Sec Advisory - ############################################################## Title: OpenDocMan Cross Site Scripting (XSS) ID: S21sec-044-en Severity: Low History: 15.Apr.2008 Vulnerability discovered 16.Apr.2008 Vendor contacted 27.May.2008 Patch available Scope: Cross Site Scripting XSS Platforms: Any Author: Sergi Rosell (srosello_at_s21sec&#46;com) URL: http://www.s21sec.com/avisos/s21sec-044-en.txt Release: Public [ SUMMARY ] OpenDocMan is a free document management system (DMS) designed to comply with ISO 17025 and OIE standard for document management. It features web based access, fine grained control of access to files, and automated install and upgrades. [ AFFECTED VERSIONS ] This vulnerability has been tested in version v1.2.5 (March, 2nd 2007). [ DESCRIPTION ] An insufficient input validation allows code injection in the parameter 'last_message'. Example: http://server/opendocman-1.2.5/out.php?last_message=%3Cscript%3Ealert(document.cookie)%3C/script%3E [ WORKAROUND ] There is patch available in the following url: https://sourceforge.net/tracker/index.php?func=detail&aid=1975163&group_id=69505&atid=524753 [ ACKNOWLEDGMENTS ] This vulnerability has been found and researched by: - Sergi Rosell <srosello_at_s21sec&#46;com> S21sec [ REFERENCES ] * OpenDocman http://opendocman.com/ * S21sec http://www.s21sec.com * S21sec Blog http://blog.s21sec.com

References:

http://www.securityfocus.com/bid/29765
http://secunia.com/advisories/30750
http://xforce.iss.net/xforce/xfdb/43135
http://www.securitytracker.com/id?1020300
http://www.securityfocus.com/archive/1/archive/1/493390/100/0/threaded
http://www.s21sec.com/avisos/s21sec-044-en.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top