Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting

2019.04.28
Credit: Mishra Dhiraj
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Stored XSS # Date: 25-04-2019 # Exploit Author: Dhiraj Mishra # Vendor Homepage: https://portals.apache.org/pluto # Software Link: https://portals.apache.org/pluto/download.html # Version: 3.0.0, 3.0.1 # Tested on: Ubuntu 16.04 LTS # CVE: CVE-2019-0186 # References: # https://nvd.nist.gov/vuln/detail/CVE-2019-0186 # https://portals.apache.org/pluto/security.html # https://www.inputzero.io/2019/04/apache-pluto-xss.html Summary: The "Chat Room" portlet demo that ships with the Apache Pluto Tomcat bundle contains a Cross-Site Scripting (XSS) vulnerability. Specifically, if an attacker can input raw HTML markup into the "Name" or "Message" input fields and submits the form, then the inputted HTML markup will be embedded in the subsequent web page. Technical observation: - Start the Apache Pluto Tomcat bundle - Visit http://localhost:8080/pluto/portal/Chat%20Room%20Demo - In the name field, enter: <input type="text" value="Name field XSS></input> - Click Submit - In the message field, enter: <input type="text" value="Message field XSS></input> Patch: 3.0.x users should upgrade to 3.1.0


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top