NASA Tri-Agency Climate Education (TrACE) 1.0 XSS

Risk: Low
Local: No
Remote: Yes

? NASA Tri-Agency Climate Education (TrACE) v1.0 Multiple XSS Vulnerabilities Vendor: NASA Product web page: Affected version: 1.0 Summary: The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. Desc: The application suffers from a reflected cross-site scripting vulnerability when input is passed to the 'product_id', 'pi', 'project_id' and 'funder' GET parameters in 'trace_results.php' script which is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Tested on: Apache/2.2.21 PHP 5.2.17 Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Zero Science Lab - Vendor status: [03.10.2012] Vulnerabilities discovered. [03.10.2012] Initial contact with the vendor. [04.10.2012] No reply from vendor. [05.10.2012] Tried contacting the vendor again. [12.10.2012] No reply from vendor. [13.10.2012] Last try contacting the vendor. [15.10.2012] Vendor replies stating that the problem is solved?! [16.10.2012] Replied to vendor that no problems are solved because no details were sent nor problems explained. [17.10.2012] Vendor decides to talk serious and asks for details, cynically. [18.10.2012] Sent detailed information and PoC files to the vendor. [22.10.2012] Asked vendor for status report. [22.10.2012] No reply from vendor. [23.10.2012] Vendor silently patches the application (v2.0). [23.10.2012] Asked vendor to have proper communication. [25.10.2012] No reply from vendor. [25.10.2012] Pointed out to the vendor about disclosure policy and ethical communication. [26.10.2012] Public security advisory released. Advisory ID: ZSL-2012-5111 Advisory URL: 03.10.2012 PoC: ---- -"><script>alert(1);</script>&project_id=40&funder=31&pi=43 -"><script>alert(2);</script>&funder=31&pi=43 -"><script>alert(3);</script>&pi=43 -"><script>alert(4);</script>


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019,


Back to Top