OpenConext-EngineBlock 5.7.3 Cross Site Scripting

2018.07.14
Credit: Andrew Klaus
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 XSS vulnerabilities were found in multiple pages that allows an attacker to inject arbitrary web scripts. The Twig PHP extension configuration was not sanitizing user input before display it to the user. Issues fixed in version 5.7.4 and 5.8.0. Git commit here: https://github.com/OpenConext/OpenConext-engineblock/pull/566 PoC URLs: https://engine.example.org/authentication/idp/help-discover?%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E https://engine.example.org/authentication/idp/single-sign-on?%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E CVE assigned: CVE-2018-1000611 Timeline: - - - 2018-06-29: Notified SURFnet about the vulnerability - - - 2018-07-04: Patch pull request created on Github - - - 2018-07-04: CVE Requested - - - 2018-07-05: Patch was merged on Github - - - 2018-07-12: Announcing on Full Disclosure -----BEGIN PGP SIGNATURE----- iQE9BAEBCgAnIBxBbmRyZXcgS2xhdXMgPGFuZHJld0Bha2xhdXMuY2E+BQJbR6ae AAoJEFYqtOvsX+ttmS0H/AorN3q5I3GmVUcjEYhwym1E/VJVFD1vfPQQf/XGtXdu O9qPjfVFmuCG1jXItLJmtUEDVU/HI8bLubyvhFzrvGB4tyJ8Y5mMR2GTBvQ3+o4W ckgw7wcMGWiVNEjvddgGlALg0W8eC23NoZoi92J5Cg8Ni3+ARvt6j/7sRp4Jn+Kp x2h8GeoPSp920QMoTYrehh16W/bRNRz/a9Y63UfNLSqv4DmZsMoa9NzA91T0GexP MHpObqbf6arQ5UzFKKF/UUsrQ8aiAL7tKsrhHs+byZZoiuHw/18eLeY82UKN8ocD ysrciARYDc53T0slM9wJZ6zy8XHghKjIUV9QmFstNUk= =rdVB -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top