Application: OpenCms
Version: 7.5.0
Hardware: Tomcat/Oracle
Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error
Overview:
Various URL's within the deployed OpenCms application version 7.5.0 are open to attacks, including Cross-Site Scripting, Phishing Through Frames and Application Error. Some of these attacks allow injection of scripts into a parameter in the request. The application should filter out such hazardous characters from user input.
Example follows:
Vulnerable URL (from the OpenCms VFS):
/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/
help_head.jsp?&homelink=>"'><script>alert("This%20site%20has%20been%20co mpromised")</script>
Results:
Insertion of the script into the homelink parameter successfully embeds the script in the response and is executed once the page is loaded into the user's browser (i.e. vulnerable to Cross-Site Scripting)
Below find the complete list of vulnerable URL's (all paths are relative to the OpenCms VFS). All issues are of High risk.
/opencms/opencms/system/modules/org.opencms.workplace.help/elements/sear
ch.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): query
Vulnerability(s): Cross-Site Scripting
/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/
help_head.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): homelink
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames
/opencms/opencms/system/workplace/commons/preferences.jsp
Remediation: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions
Parameter(s): tabdicopyfilemode, tabdicopyfoldermode, tabdideletefilemode
Vulnerability(s): Application Error
/opencms/opencms/system/workplace/commons/property.jsp
Remediation: Filter out hazardous characters from user input
Parameter: resource
Vulnerability(s): Cross-Site Scripting
/opencms/opencms/system/workplace/commons/publishproject.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): title, cancel, dialogtype, framename, progresskey, projected, projectname, publishsiblings, relatedresources, subresources
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames, SQL Injection
/opencms/opencms/system/workplace/commons/publishresource.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s):
Vulnerability(s): Cross-Site Scripting
/opencms/opencms/system/workplace/commons/unlock.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): title
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames
/opencms/opencms/system/workplace/editors/editor.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): resource
Vulnerability(s): Cross-Site Scripting
/opencms/opencms/system/workplace/editors/dialogs/elements.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): elementlanguage, resource, title
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames
/opencms/opencms/system/workplace/locales/en/help/index.html
Remediation: Filter out hazardous characters from user input
Parameter(s): workplaceresource
Vulnerability(s): Phishing Through Frames
/opencms/opencms/system/workplace/views/admin/admin-main.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): path
Vulnerability(s): Cross-Site Scripting
/opencms/opencms/system/workplace/views/explorer/contextmenu.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): acttarget
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames
/opencms/opencms/system/workplace/views/explorer/explorer_files.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): mode
Vulnerability(s): Cross-Site Scripting
Katie French
CGI Federal