Radvision's Scopia Cross Site Scripting Vulnerabilities *********************************************************************** Author: Francesco Bianchino contact: f.bianchino at gmail dot com Product: Radvision's Scopia Version: 5.7 Vendor Site: http://www.radvision.com Product Support Page: http://www.radvision.com/Support/SCOPIA-57-Support/ *********************************************************************** Summary Radvision's Scopia provides a solution for voice and video collaborative communications. *********************************************************************** Vulnerability Detail The web-based interface is exposed to an XSS attack, the index.jsp page does not check the user's input and is possible to inject arbitrary code into the page parameters. It's possible to steal user's cookie or other data sending a malicious crafted URL to authenticated user. *********************************************************************** PoC http://www.example.com/scopia/entry/index.jsp?page=play%3c%2fsCrIpT%3e%3csCrIpT%3ealert("document.cookie")%3c%2fsCrIpT%3e *********************************************************************** Solution Radvision has fixed the issue in SD 7.0.100 and later version. *********************************************************************** Credits Discovered and advised to Radvision, August 2009 by Francesco Bianchino.