Projectsend r572 Cross Site Scripting

2015.06.11

Credit: Matt Landers

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Title: Projectsend r572 - Cross Site Scripting (Reflected)
Disclosed: 5/28/15
Vendor Patched: 6/6/15
Published: 6/10/15
Credit:  Matt Landers - matt@mjltech.net
Original Advisory: www.mjltech.net/adv/MJLTECH%20-%20Projectsend%20R572%20XSS.txt
======================================================================

Confirmed Vulnerable:  Projectsend R572
Vendor: http://www.projectsend.org/
Description from vendor website:
  "ProjectSend is a self-hosted application (you can install it easily on your own VPS or shared web hosting account) that lets you upload files and     assign them to specific clients that you create yourself! Secure, private and easy. No more depending on external services or e-mail to send those     files!"

======================================================================

Vulnerable file: index.php
Vulnerable parameter: login_form_user
Description of vulnerability: The parameter 'login_form_user'is vulnerable to XSS via POST request. 
Proof of Concept: POST http://www.********.com/index.php?login_form_user="><script>alert(1)</script>

References:

http://www.mjltech.net/adv/MJLTECH%20-%20Projectsend%20R572%20XSS.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Projectsend r572 Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.