Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2016/12/17 09:29:58 UTC

[jira] [Updated] (OFBIZ-2747) Security : The remote web server is prone to cross-site scripting attacks.

     [ https://issues.apache.org/jira/browse/OFBIZ-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-2747:
-----------------------------------
    Labels: CVE  (was: )

> Security :  The remote web server is prone to cross-site scripting attacks.
> ---------------------------------------------------------------------------
>
>                 Key: OFBIZ-2747
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2747
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: specialpurpose/ecommerce
>    Affects Versions: Trunk
>            Reporter: Alexandre Mazari
>            Assignee: Scott Gray
>            Priority: Critical
>              Labels: CVE
>             Fix For: Release Branch 09.04, Trunk
>
>
> The pollbox seems to be subject to request argument injection, without any stripping of HTML tags (e.g. <script>).
> Nessus scan log :
> Web Server Generic XSS
> Synopsis :
> The remote web server is prone to cross-site scripting attacks.
> Description :
> The remote host is running a web server that fails to adequately
> sanitize request strings of malicious JavaScript. By leveraging this
> issue, an attacker may be able to cause arbitrary HTML and script code
> to be executed in a user's browser within the security context of the
> affected site.
> See also :
> http://en.wikipedia.org/wiki/Cross-site_scripting
> Solution :
> Contact the vendor for a patch or upgrade.
> Risk factor :
> Medium / CVSS Base Score : 4.3
> (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
> Plugin output :
> The request string used to detect this flaw was :
> /?<script>cross_site_scripting.nasl</script>
> The output was :
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> X-Powered-By: JSP/2.1
> Set-Cookie: OFBiz.Visitor=12065; Expires=Wed, 21-Jul-2010 21:31:20 GMT; Path=/
> Content-Type: text/html;charset=UTF-8
> Transfer-Encoding: chunked
> Date: Tue, 21 Jul 2009 21:31:19 GMT
> [...]
> <h3>Mouse Hand Poll</h3>
> <div class="screenlet-body">
> <form method="post" action="/control/minipoll/main" style="margin: 0;">
> <input type="hidden" name="<script>cross_site_scripting.nasl</script>" value=""/>
> <input type="hidden" name="surveyId" value="1004"/>
> <table width="100%" border="0" cellpadding="2" cellspacing="0">
> [...]
> CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
> BID : 5305, 7344, 7353, 8037, 14473, 17408
> Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314
> Nessus ID : 10815



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)