CommonSpot server Cross-Site Scripting (XSS)

2010.02.03
Credit: procheckup
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

PR09-19: Cross-Site Scripting (XSS) on CommonSpot server Vulnerability found: 17th December 2009 Vendor informed: 18th December 2009 Severity: Medium Successfully tested on: Commonspot server http://www.paperthin.com/ Description: Commonspot server is vulnerable to a vanilla XSS Vulnerable server-side script: 'commonspot/utilities/longproc.cfm' Unfiltered parameter: 'arbitrary' Notes: Simple XSS Proof of Concept (PoC) URL: https://target-domain.foo/commonspot/utilities/longproc.cfm?onlyurlvars= 1&url=%27;--%3E%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E Consequences: An attacker may be able to cause execution of malicious scripting code in the browser of a victim user who clicks on a link to a CommonSpot server. This type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (i.e.: session IDs or passwords) to unauthorised third parties. Credits: found by Richard Brain & Jan Fry - ProCheckUp Ltd (www.procheckup.com). Legal: Copyright 2009 Procheckup Ltd. All rights reserved. Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes. Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.

References:

http://xforce.iss.net/xforce/xfdb/55955
http://www.securityfocus.com/bid/37986
http://www.securityfocus.com/archive/1/archive/1/509239/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0601.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top